platform/kernel/linux-starfive.git
8 years agonios2: convert to dma_map_ops
Christoph Hellwig [Wed, 20 Jan 2016 23:01:41 +0000 (15:01 -0800)]
nios2: convert to dma_map_ops

Signed-off-by: Christoph Hellwig <hch@lst.de>
Cc: Ley Foon Tan <lftan@altera.com>
Cc: Christian Borntraeger <borntraeger@de.ibm.com>
Cc: Joerg Roedel <jroedel@suse.de>
Cc: Sebastian Ott <sebott@linux.vnet.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
8 years agocris: convert to dma_map_ops
Christoph Hellwig [Wed, 20 Jan 2016 23:01:38 +0000 (15:01 -0800)]
cris: convert to dma_map_ops

Signed-off-by: Christoph Hellwig <hch@lst.de>
Cc: Mikael Starvik <starvik@axis.com>
Cc: Jesper Nilsson <jesper.nilsson@axis.com>
Cc: Christian Borntraeger <borntraeger@de.ibm.com>
Cc: Joerg Roedel <jroedel@suse.de>
Cc: Sebastian Ott <sebott@linux.vnet.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
8 years agoc6x: convert to dma_map_ops
Christoph Hellwig [Wed, 20 Jan 2016 23:01:35 +0000 (15:01 -0800)]
c6x: convert to dma_map_ops

[dan.carpenter@oracle.com: C6X: fix build breakage]
Signed-off-by: Christoph Hellwig <hch@lst.de>
Cc: Mark Salter <msalter@redhat.com>
Cc: Aurelien Jacquiot <a-jacquiot@ti.com>
Cc: Christian Borntraeger <borntraeger@de.ibm.com>
Cc: Joerg Roedel <jroedel@suse.de>
Cc: Sebastian Ott <sebott@linux.vnet.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
8 years agoblackfin: convert to dma_map_ops
Christoph Hellwig [Wed, 20 Jan 2016 23:01:32 +0000 (15:01 -0800)]
blackfin: convert to dma_map_ops

Signed-off-by: Christoph Hellwig <hch@lst.de>
Cc: Steven Miao <realmz6@gmail.com>
Cc: Christian Borntraeger <borntraeger@de.ibm.com>
Cc: Joerg Roedel <jroedel@suse.de>
Cc: Sebastian Ott <sebott@linux.vnet.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
8 years agoavr32: convert to dma_map_ops
Christoph Hellwig [Wed, 20 Jan 2016 23:01:29 +0000 (15:01 -0800)]
avr32: convert to dma_map_ops

Signed-off-by: Christoph Hellwig <hch@lst.de>
Cc: Haavard Skinnemoen <hskinnemoen@gmail.com>
Cc: Hans-Christian Egtvedt <egtvedt@samfundet.no>
Cc: Christian Borntraeger <borntraeger@de.ibm.com>
Cc: Joerg Roedel <jroedel@suse.de>
Cc: Sebastian Ott <sebott@linux.vnet.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
8 years agoarc: convert to dma_map_ops
Christoph Hellwig [Wed, 20 Jan 2016 23:01:26 +0000 (15:01 -0800)]
arc: convert to dma_map_ops

[vgupta@synopsys.com: ARC: dma mapping fixes #2]
Signed-off-by: Christoph Hellwig <hch@lst.de>
Cc: Vineet Gupta <vgupta@synopsys.com>
Cc: Christian Borntraeger <borntraeger@de.ibm.com>
Cc: Joerg Roedel <jroedel@suse.de>
Cc: Sebastian Ott <sebott@linux.vnet.ibm.com>
Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
Cc: Carlos Palminha <CARLOS.PALMINHA@synopsys.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
8 years agodma-mapping: make the generic coherent dma mmap implementation optional
Christoph Hellwig [Wed, 20 Jan 2016 23:01:22 +0000 (15:01 -0800)]
dma-mapping: make the generic coherent dma mmap implementation optional

This series converts all remaining architectures to use dma_map_ops and
the generic implementation of the DMA API.  This not only simplifies the
code a lot, but also prepares for possible future changes like more
generic non-iommu dma_ops implementations or generic per-device
dma_map_ops.

This patch (of 16):

We have a couple architectures that do not want to support this code, so
add another Kconfig symbol that disables the code similar to what we do
for the nommu case.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Cc: Haavard Skinnemoen <hskinnemoen@gmail.com>
Cc: Hans-Christian Egtvedt <egtvedt@samfundet.no>
Cc: Steven Miao <realmz6@gmail.com>
Cc: Ley Foon Tan <lftan@altera.com>
Cc: David Howells <dhowells@redhat.com>
Cc: Koichi Yasutake <yasutake.koichi@jp.panasonic.com>
Cc: Chris Metcalf <cmetcalf@ezchip.com>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Aurelien Jacquiot <a-jacquiot@ti.com>
Cc: Geert Uytterhoeven <geert@linux-m68k.org>
Cc: Helge Deller <deller@gmx.de>
Cc: James Hogan <james.hogan@imgtec.com>
Cc: Jesper Nilsson <jesper.nilsson@axis.com>
Cc: Mark Salter <msalter@redhat.com>
Cc: Mikael Starvik <starvik@axis.com>
Cc: Vineet Gupta <vgupta@synopsys.com>
Cc: Christian Borntraeger <borntraeger@de.ibm.com>
Cc: Joerg Roedel <jroedel@suse.de>
Cc: Sebastian Ott <sebott@linux.vnet.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
8 years agoiio: core: fix ptr_ret.cocci warnings
Fengguang Wu [Wed, 20 Jan 2016 23:01:19 +0000 (15:01 -0800)]
iio: core: fix ptr_ret.cocci warnings

drivers/iio/industrialio-sw-trigger.c:169:1-3: WARNING: PTR_ERR_OR_ZERO can be used

 Use PTR_ERR_OR_ZERO rather than if(IS_ERR(...)) + PTR_ERR

Generated by: scripts/coccinelle/api/ptr_ret.cocci

Signed-off-by: Fengguang Wu <fengguang.wu@intel.com>
Cc: Joel Becker <jlbec@evilplan.org>
Cc: Lars-Peter Clausen <lars@metafoo.de>
Cc: Christoph Hellwig <hch@lst.de>
Cc: Hartmut Knaack <knaack.h@gmx.de>
Cc: Octavian Purdila <octavian.purdila@intel.com>
Cc: Paul Bolle <pebolle@tiscali.nl>
Cc: Adriana Reus <adriana.reus@intel.com>
Cc: Daniel Baluta <daniel.baluta@intel.com>
Cc: Cristina Opriceana <cristina.opriceana@gmail.com>
Cc: Peter Meerwald <pmeerw@pmeerw.net>
Cc: Alexander Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
8 years agofs/adfs/adfs.h: tidy up comments
Andrew Morton [Wed, 20 Jan 2016 23:01:16 +0000 (15:01 -0800)]
fs/adfs/adfs.h: tidy up comments

Lots of needless 80-col overflows.

Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
8 years agofs/overlayfs/super.c needs pagemap.h
Andrew Morton [Wed, 20 Jan 2016 23:01:13 +0000 (15:01 -0800)]
fs/overlayfs/super.c needs pagemap.h

i386 allmodconfig:

  In file included from fs/overlayfs/super.c:10:0:
  fs/overlayfs/super.c: In function 'ovl_fill_super':
  include/linux/fs.h:898:36: error: 'PAGE_CACHE_SIZE' undeclared (first use in this function)
   #define MAX_LFS_FILESIZE (((loff_t)PAGE_CACHE_SIZE << (BITS_PER_LONG-1))-1)
                                      ^
  fs/overlayfs/super.c:939:19: note: in expansion of macro 'MAX_LFS_FILESIZE'
    sb->s_maxbytes = MAX_LFS_FILESIZE;
                     ^
  include/linux/fs.h:898:36: note: each undeclared identifier is reported only once for each function it appears in
   #define MAX_LFS_FILESIZE (((loff_t)PAGE_CACHE_SIZE << (BITS_PER_LONG-1))-1)
                                      ^
  fs/overlayfs/super.c:939:19: note: in expansion of macro 'MAX_LFS_FILESIZE'
    sb->s_maxbytes = MAX_LFS_FILESIZE;
                     ^

Cc: Miklos Szeredi <miklos@szeredi.hu>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
8 years agoipc/shm.c: is_file_shm_hugepages() can be boolean
Yaowei Bai [Wed, 20 Jan 2016 23:01:11 +0000 (15:01 -0800)]
ipc/shm.c: is_file_shm_hugepages() can be boolean

Make is_file_shm_hugepages() return bool to improve readability due to
this particular function only using either one or zero as its return
value.

No functional change.

Signed-off-by: Yaowei Bai <baiyaowei@cmss.chinamobile.com>
Acked-by: Michal Hocko <mhocko@suse.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
8 years agolz4: fix wrong compress buffer size for 64-bits
Bongkyu Kim [Wed, 20 Jan 2016 23:01:08 +0000 (15:01 -0800)]
lz4: fix wrong compress buffer size for 64-bits

The current lz4 compress buffer is 16kb on 32-bits, 32kb on 64-bits
system.  But, lz4 needs only 16kb on both.  On 64-bits, this causes
wasted cpu cycles for additional memset during every compression.

In case of lz4hc, the current buffer size is (256kb + 8) on 32-bits,
(512kb + 16) on 64-bits.  But, lz4hc needs only (256kb + 2 * pointer) on
both.

This patch fixes these wrong compress buffer sizes for 64-bits.

Signed-off-by: Bongkyu Kim <bongkyu.kim@lge.com>
Cc: Chanho Min <chanho.min@lge.com>
Cc: Yann Collet <yann.collet.73@gmail.com>
Cc: Kyungsik Lee <kyungsik.lee@lge.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
8 years agoproc read mm's {arg,env}_{start,end} with mmap semaphore taken.
Mateusz Guzik [Wed, 20 Jan 2016 23:01:05 +0000 (15:01 -0800)]
proc read mm's {arg,env}_{start,end} with mmap semaphore taken.

Only functions doing more than one read are modified.  Consumeres
happened to deal with possibly changing data, but it does not seem like
a good thing to rely on.

Signed-off-by: Mateusz Guzik <mguzik@redhat.com>
Acked-by: Cyrill Gorcunov <gorcunov@openvz.org>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: Jarod Wilson <jarod@redhat.com>
Cc: Jan Stancek <jstancek@redhat.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Anshuman Khandual <anshuman.linux@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
8 years agoprctl: take mmap sem for writing to protect against others
Mateusz Guzik [Wed, 20 Jan 2016 23:01:02 +0000 (15:01 -0800)]
prctl: take mmap sem for writing to protect against others

An unprivileged user can trigger an oops on a kernel with
CONFIG_CHECKPOINT_RESTORE.

proc_pid_cmdline_read takes mmap_sem for reading and obtains args + env
start/end values. These get sanity checked as follows:
        BUG_ON(arg_start > arg_end);
        BUG_ON(env_start > env_end);

These can be changed by prctl_set_mm. Turns out also takes the semaphore for
reading, effectively rendering it useless. This results in:

  kernel BUG at fs/proc/base.c:240!
  invalid opcode: 0000 [#1] SMP
  Modules linked in: virtio_net
  CPU: 0 PID: 925 Comm: a.out Not tainted 4.4.0-rc8-next-20160105dupa+ #71
  Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
  task: ffff880077a68000 ti: ffff8800784d0000 task.ti: ffff8800784d0000
  RIP: proc_pid_cmdline_read+0x520/0x530
  RSP: 0018:ffff8800784d3db8  EFLAGS: 00010206
  RAX: ffff880077c5b6b0 RBX: ffff8800784d3f18 RCX: 0000000000000000
  RDX: 0000000000000002 RSI: 00007f78e8857000 RDI: 0000000000000246
  RBP: ffff8800784d3e40 R08: 0000000000000008 R09: 0000000000000001
  R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000050
  R13: 00007f78e8857800 R14: ffff88006fcef000 R15: ffff880077c5b600
  FS:  00007f78e884a740(0000) GS:ffff88007b200000(0000) knlGS:0000000000000000
  CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
  CR2: 00007f78e8361770 CR3: 00000000790a5000 CR4: 00000000000006f0
  Call Trace:
    __vfs_read+0x37/0x100
    vfs_read+0x82/0x130
    SyS_read+0x58/0xd0
    entry_SYSCALL_64_fastpath+0x12/0x76
  Code: 4c 8b 7d a8 eb e9 48 8b 9d 78 ff ff ff 4c 8b 7d 90 48 8b 03 48 39 45 a8 0f 87 f0 fe ff ff e9 d1 fe ff ff 4c 8b 7d 90 eb c6 0f 0b <0f> 0b 0f 0b 66 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00
  RIP   proc_pid_cmdline_read+0x520/0x530
  ---[ end trace 97882617ae9c6818 ]---

Turns out there are instances where the code just reads aformentioned
values without locking whatsoever - namely environ_read and get_cmdline.

Interestingly these functions look quite resilient against bogus values,
but I don't believe this should be relied upon.

The first patch gets rid of the oops bug by grabbing mmap_sem for
writing.

The second patch is optional and puts locking around aformentioned
consumers for safety.  Consumers of other fields don't seem to benefit
from similar treatment and are left untouched.

This patch (of 2):

The code was taking the semaphore for reading, which does not protect
against readers nor concurrent modifications.

The problem could cause a sanity checks to fail in procfs's cmdline
reader, resulting in an OOPS.

Note that some functions perform an unlocked read of various mm fields,
but they seem to be fine despite possible modificaton.

Signed-off-by: Mateusz Guzik <mguzik@redhat.com>
Acked-by: Cyrill Gorcunov <gorcunov@openvz.org>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: Jarod Wilson <jarod@redhat.com>
Cc: Jan Stancek <jstancek@redhat.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Anshuman Khandual <anshuman.linux@gmail.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
8 years agopowerpc: enable UBSAN support
Daniel Axtens [Wed, 20 Jan 2016 23:00:58 +0000 (15:00 -0800)]
powerpc: enable UBSAN support

This hooks up UBSAN support for PowerPC.

So far it's found some interesting cases where we don't properly sanitise
input to shifts, including one in our futex handling.  Nothing critical,
but interesting and worth fixing.

[valentinrothberg@gmail.com: arch/powerpc/Kconfig: fix typo in select statement]
Signed-off-by: Daniel Axtens <dja@axtens.net>
Cc: Andrey Ryabinin <aryabinin@virtuozzo.com>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Tested-by: Andrew Donnellan <andrew.donnellan@au1.ibm.com>
Acked-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Valentin Rothberg <valentinrothberg@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
8 years agoUBSAN: run-time undefined behavior sanity checker
Andrey Ryabinin [Wed, 20 Jan 2016 23:00:55 +0000 (15:00 -0800)]
UBSAN: run-time undefined behavior sanity checker

UBSAN uses compile-time instrumentation to catch undefined behavior
(UB).  Compiler inserts code that perform certain kinds of checks before
operations that could cause UB.  If check fails (i.e.  UB detected)
__ubsan_handle_* function called to print error message.

So the most of the work is done by compiler.  This patch just implements
ubsan handlers printing errors.

GCC has this capability since 4.9.x [1] (see -fsanitize=undefined
option and its suboptions).
However GCC 5.x has more checkers implemented [2].
Article [3] has a bit more details about UBSAN in the GCC.

[1] - https://gcc.gnu.org/onlinedocs/gcc-4.9.0/gcc/Debugging-Options.html
[2] - https://gcc.gnu.org/onlinedocs/gcc/Debugging-Options.html
[3] - http://developerblog.redhat.com/2014/10/16/gcc-undefined-behavior-sanitizer-ubsan/

Issues which UBSAN has found thus far are:

Found bugs:

 * out-of-bounds access - 97840cb67ff5 ("netfilter: nfnetlink: fix
   insufficient validation in nfnetlink_bind")

undefined shifts:

 * d48458d4a768 ("jbd2: use a better hash function for the revoke
   table")

 * 10632008b9e1 ("clockevents: Prevent shift out of bounds")

 * 'x << -1' shift in ext4 -
   http://lkml.kernel.org/r/<5444EF21.8020501@samsung.com>

 * undefined rol32(0) -
   http://lkml.kernel.org/r/<1449198241-20654-1-git-send-email-sasha.levin@oracle.com>

 * undefined dirty_ratelimit calculation -
   http://lkml.kernel.org/r/<566594E2.3050306@odin.com>

 * undefined roundown_pow_of_two(0) -
   http://lkml.kernel.org/r/<1449156616-11474-1-git-send-email-sasha.levin@oracle.com>

 * [WONTFIX] undefined shift in __bpf_prog_run -
   http://lkml.kernel.org/r/<CACT4Y+ZxoR3UjLgcNdUm4fECLMx2VdtfrENMtRRCdgHB2n0bJA@mail.gmail.com>

   WONTFIX here because it should be fixed in bpf program, not in kernel.

signed overflows:

 * 32a8df4e0b33f ("sched: Fix odd values in effective_load()
   calculations")

 * mul overflow in ntp -
   http://lkml.kernel.org/r/<1449175608-1146-1-git-send-email-sasha.levin@oracle.com>

 * incorrect conversion into rtc_time in rtc_time64_to_tm() -
   http://lkml.kernel.org/r/<1449187944-11730-1-git-send-email-sasha.levin@oracle.com>

 * unvalidated timespec in io_getevents() -
   http://lkml.kernel.org/r/<CACT4Y+bBxVYLQ6LtOKrKtnLthqLHcw-BMp3aqP3mjdAvr9FULQ@mail.gmail.com>

 * [NOTABUG] signed overflow in ktime_add_safe() -
   http://lkml.kernel.org/r/<CACT4Y+aJ4muRnWxsUe1CMnA6P8nooO33kwG-c8YZg=0Xc8rJqw@mail.gmail.com>

[akpm@linux-foundation.org: fix unused local warning]
[akpm@linux-foundation.org: fix __int128 build woes]
Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Sasha Levin <sasha.levin@oracle.com>
Cc: Randy Dunlap <rdunlap@infradead.org>
Cc: Rasmus Villemoes <linux@rasmusvillemoes.dk>
Cc: Jonathan Corbet <corbet@lwn.net>
Cc: Michal Marek <mmarek@suse.cz>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Yury Gribov <y.gribov@samsung.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: Konstantin Khlebnikov <koct9i@gmail.com>
Cc: Kostya Serebryany <kcc@google.com>
Cc: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
8 years agonet/mac80211/debugfs.c: prevent build failure with CONFIG_UBSAN=y
Andrey Ryabinin [Wed, 20 Jan 2016 23:00:51 +0000 (15:00 -0800)]
net/mac80211/debugfs.c: prevent build failure with CONFIG_UBSAN=y

With upcoming CONFIG_UBSAN the following BUILD_BUG_ON in
net/mac80211/debugfs.c starts to trigger:

  BUILD_BUG_ON(hw_flag_names[NUM_IEEE80211_HW_FLAGS] != (void *)0x1);

It seems, that compiler instrumentation causes some code
deoptimizations.  Because of that GCC is not being able to resolve
condition in BUILD_BUG_ON() at compile time.

We could make size of hw_flag_names array unspecified and replace the
condition in BUILD_BUG_ON() with following:

  ARRAY_SIZE(hw_flag_names) != NUM_IEEE80211_HW_FLAGS

That will have the same effect as before (adding new flag without
updating array will trigger build failure) except it doesn't fail with
CONFIG_UBSAN.  As a bonus this patch slightly decreases size of
hw_flag_names array.

Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
Cc: Johannes Berg <johannes@sipsolutions.net>
Cc: "David S. Miller" <davem@davemloft.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
8 years agokernel: printk: specify alignment for struct printk_log
Andrey Ryabinin [Wed, 20 Jan 2016 23:00:48 +0000 (15:00 -0800)]
kernel: printk: specify alignment for struct printk_log

On architectures that have support for efficient unaligned access struct
printk_log has 4-byte alignment.  Specify alignment attribute in type
declaration.

The whole point of this patch is to fix deadlock which happening when
UBSAN detects unaligned access in printk() thus UBSAN recursively calls
printk() with logbuf_lock held by top printk() call.

Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Sasha Levin <sasha.levin@oracle.com>
Cc: Randy Dunlap <rdunlap@infradead.org>
Cc: Rasmus Villemoes <linux@rasmusvillemoes.dk>
Cc: Jonathan Corbet <corbet@lwn.net>
Cc: Michal Marek <mmarek@suse.cz>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Yury Gribov <y.gribov@samsung.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: Konstantin Khlebnikov <koct9i@gmail.com>
Cc: Kostya Serebryany <kcc@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
8 years agosysctl: enable strict writes
Kees Cook [Wed, 20 Jan 2016 23:00:45 +0000 (15:00 -0800)]
sysctl: enable strict writes

SYSCTL_WRITES_WARN was added in commit f4aacea2f5d1 ("sysctl: allow for
strict write position handling"), and released in v3.16 in August of
2014.  Since then I can find only 1 instance of non-zero offset
writing[1], and it was fixed immediately in CRIU[2].  As such, it
appears safe to flip this to the strict state now.

[1] https://www.google.com/search?q="when%20file%20position%20was%20not%200"
[2] http://lists.openvz.org/pipermail/criu/2015-April/019819.html

Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
8 years agorbtree: use READ_ONCE in RB_EMPTY_ROOT
Davidlohr Bueso [Wed, 20 Jan 2016 23:00:42 +0000 (15:00 -0800)]
rbtree: use READ_ONCE in RB_EMPTY_ROOT

With commit d72da4a4d97 ("rbtree: Make lockless searches non-fatal") our
rbtrees provide weak guarantees that allows us to do lockless (and very
speculative) reads of the tree.  Such readers cannot see partial stores
on nodes, ie left/right as well as root.  As such, similar to the
WRITE_ONCE semantics when doing rotations, use READ_ONCE when checking
the root node in RB_EMPTY_ROOT.

Signed-off-by: Davidlohr Bueso <dbueso@suse.de>
Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Michel Lespinasse <walken@google.com>
Cc: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
8 years agorapidio: use kobj_to_dev()
Geliang Tang [Wed, 20 Jan 2016 23:00:39 +0000 (15:00 -0800)]
rapidio: use kobj_to_dev()

Use kobj_to_dev() instead of open-coding it.

Signed-off-by: Geliang Tang <geliangtang@163.com>
Acked-by: "Bounine, Alexandre" <Alexandre.Bounine@idt.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
8 years agokexec: move some memembers and definitions within the scope of CONFIG_KEXEC_FILE
Xunlei Pang [Wed, 20 Jan 2016 23:00:36 +0000 (15:00 -0800)]
kexec: move some memembers and definitions within the scope of CONFIG_KEXEC_FILE

Move the stuff currently only used by the kexec file code within
CONFIG_KEXEC_FILE (and CONFIG_KEXEC_VERIFY_SIG).

Also move internal "struct kexec_sha_region" and "struct kexec_buf" into
"kexec_internal.h".

Signed-off-by: Xunlei Pang <xlpang@redhat.com>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: Dave Young <dyoung@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
8 years agokernel/kexec_core.c: use list_for_each_entry_safe in kimage_free_page_list
Geliang Tang [Wed, 20 Jan 2016 23:00:34 +0000 (15:00 -0800)]
kernel/kexec_core.c: use list_for_each_entry_safe in kimage_free_page_list

Use list_for_each_entry_safe() instead of list_for_each_safe() to
simplify the code.

Signed-off-by: Geliang Tang <geliangtang@163.com>
Cc: Dave Young <dyoung@redhat.com>
Cc: Vivek Goyal <vgoyal@redhat.com>
Acked-by: Baoquan He <bhe@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
8 years agokexec: set KEXEC_TYPE_CRASH before sanity_check_segment_list()
Xunlei Pang [Wed, 20 Jan 2016 23:00:31 +0000 (15:00 -0800)]
kexec: set KEXEC_TYPE_CRASH before sanity_check_segment_list()

sanity_check_segment_list() checks KEXEC_TYPE_CRASH flag to ensure all the
segments of the loaded crash kernel are within the kernel crash resource
limits, so set the flag beforehand.

Signed-off-by: Xunlei Pang <xlpang@redhat.com>
Acked-by: Dave Young <dyoung@redhat.com>
Cc: Eric Biederman <ebiederm@xmission.com>
Cc: Vivek Goyal <vgoyal@redhat.com>
Acked-by: Baoquan He <bhe@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
8 years agokernel/cpu.c: make set_cpu_* static inlines
Rasmus Villemoes [Wed, 20 Jan 2016 23:00:28 +0000 (15:00 -0800)]
kernel/cpu.c: make set_cpu_* static inlines

Almost all callers of the set_cpu_* functions pass an explicit true or
false.  Making them static inline thus replaces the function calls with a
simple set_bit/clear_bit, saving some .text.

Signed-off-by: Rasmus Villemoes <linux@rasmusvillemoes.dk>
Acked-by: Rusty Russell <rusty@rustcorp.com.au>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
8 years agokernel/cpu.c: eliminate cpu_*_mask
Rasmus Villemoes [Wed, 20 Jan 2016 23:00:25 +0000 (15:00 -0800)]
kernel/cpu.c: eliminate cpu_*_mask

Replace the variables cpu_possible_mask, cpu_online_mask, cpu_present_mask
and cpu_active_mask with macros expanding to expressions of the same type
and value, eliminating some indirection.

Signed-off-by: Rasmus Villemoes <linux@rasmusvillemoes.dk>
Acked-by: Rusty Russell <rusty@rustcorp.com.au>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
8 years agodrivers/base/cpu.c: use __cpu_*_mask directly
Rasmus Villemoes [Wed, 20 Jan 2016 23:00:22 +0000 (15:00 -0800)]
drivers/base/cpu.c: use __cpu_*_mask directly

The only user of the lvalue-ness of the cpu_*_mask variables is in
drivers/base/cpu.c, and that is mostly a work-around for the fact that not
even const variables can be used in static initialization.  Now that the
underlying struct cpumasks are exposed we can take their address.

Signed-off-by: Rasmus Villemoes <linux@rasmusvillemoes.dk>
Acked-by: Rusty Russell <rusty@rustcorp.com.au>
Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
8 years agokernel/cpu.c: export __cpu_*_mask
Rasmus Villemoes [Wed, 20 Jan 2016 23:00:19 +0000 (15:00 -0800)]
kernel/cpu.c: export __cpu_*_mask

Exporting the cpumasks __cpu_possible_mask and friends will allow us to
remove the extra indirection through the cpu_*_mask variables.  It will
also allow the set_cpu_* functions to become static inlines, which will
give a .text reduction.

Signed-off-by: Rasmus Villemoes <linux@rasmusvillemoes.dk>
Acked-by: Rusty Russell <rusty@rustcorp.com.au>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
8 years agokernel/cpu.c: change type of cpu_possible_bits and friends
Rasmus Villemoes [Wed, 20 Jan 2016 23:00:16 +0000 (15:00 -0800)]
kernel/cpu.c: change type of cpu_possible_bits and friends

Change cpu_possible_bits and friends (online, present, active) from being
bitmaps that happen to have the right size to actually being struct
cpumasks.  Also rename them to __cpu_xyz_mask.  This is mostly a small
cleanup in preparation for exporting them and, eventually, eliminating the
extra indirection through the cpu_xyz_mask variables.

Signed-off-by: Rasmus Villemoes <linux@rasmusvillemoes.dk>
Acked-by: Rusty Russell <rusty@rustcorp.com.au>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
8 years agopowerpc/fadump: rename cpu_online_mask member of struct fadump_crash_info_header
Rasmus Villemoes [Wed, 20 Jan 2016 23:00:13 +0000 (15:00 -0800)]
powerpc/fadump: rename cpu_online_mask member of struct fadump_crash_info_header

The four cpumasks cpu_{possible,online,present,active}_bits are exposed
readonly via the corresponding const variables cpu_xyz_mask.  But they are
also accessible for arbitrary writing via the exposed functions
set_cpu_xyz.  There's quite a bit of code throughout the kernel which
iterates over or otherwise accesses these bitmaps, and having the access
go via the cpu_xyz_mask variables is nowadays [1] simply a useless
indirection.

It may be that any problem in CS can be solved by an extra level of
indirection, but that doesn't mean every extra indirection solves a
problem.  In this case, it even necessitates some minor ugliness (see
4/6).

Patch 1/6 is new in v2, and fixes a build failure on ppc by renaming a
struct member, to avoid problems when the identifier cpu_online_mask
becomes a macro later in the series.  The next four patches eliminate the
cpu_xyz_mask variables by simply exposing the actual bitmaps, after
renaming them to discourage direct access - that still happens through
cpu_xyz_mask, which are now simply macros with the same type and value as
they used to have.

After that, there's no longer any reason to have the setter functions be
out-of-line: The boolean parameter is almost always a literal true or
false, so by making them static inlines they will usually compile to one
or two instructions.

For a defconfig build on x86_64, bloat-o-meter says we save ~3000 bytes.
We also save a little stack (stackdelta says 127 functions have a 16 byte
smaller stack frame, while two grow by that amount).  Mostly because, when
iterating over the mask, gcc typically loads the value of cpu_xyz_mask
into a callee-saved register and from there into %rdi before each
find_next_bit call - now it can just load the appropriate immediate
address into %rdi before each call.

[1] See Rusty's kind explanation
http://thread.gmane.org/gmane.linux.kernel/2047078/focus=2047722 for
some historic context.

This patch (of 6):

As preparation for eliminating the indirect access to the various global
cpu_*_bits bitmaps via the pointer variables cpu_*_mask, rename the
cpu_online_mask member of struct fadump_crash_info_header to simply
online_mask, thus allowing cpu_online_mask to become a macro.

Signed-off-by: Rasmus Villemoes <linux@rasmusvillemoes.dk>
Acked-by: Michael Ellerman <mpe@ellerman.id.au>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
8 years agoexit: remove unneeded declaration of exit_mm()
Dmitry Safonov [Wed, 20 Jan 2016 23:00:10 +0000 (15:00 -0800)]
exit: remove unneeded declaration of exit_mm()

Signed-off-by: Dmitry Safonov <0x7f454c46@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
8 years agofs/coredump: prevent "" / "." / ".." core path components
Jann Horn [Wed, 20 Jan 2016 23:00:08 +0000 (15:00 -0800)]
fs/coredump: prevent "" / "." / ".." core path components

Let %h and %e print empty values as "!", "." as "!" and
".." as "!.".

This prevents hostnames and comm values that are empty or consist of one
or two dots from changing the directory level at which the corefile will
be stored.

Consider the case where someone decides to sort coredumps by hostname
with a core pattern like "/cores/%h/core.%e.%p.%t" or so.  In this
case, hostnames "" and "." would cause the coredump to land directly in
/cores, which is not what the intent behind the core pattern is, and
".." would cause the coredump to land in /.

Yeah, there probably aren't many people who do that, but I still don't
want this edgecase to be kind of broken.

It seems very unlikely that this caused security issues anywhere, so I'm
not requesting a stable backport.

[akpm@linux-foundation.org: tweak code comment]
Signed-off-by: Jann Horn <jann@thejh.net>
Acked-by: Kees Cook <keescook@chromium.org>
Cc: Alexander Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
8 years agoptrace: use fsuid, fsgid, effective creds for fs access checks
Jann Horn [Wed, 20 Jan 2016 23:00:04 +0000 (15:00 -0800)]
ptrace: use fsuid, fsgid, effective creds for fs access checks

By checking the effective credentials instead of the real UID / permitted
capabilities, ensure that the calling process actually intended to use its
credentials.

To ensure that all ptrace checks use the correct caller credentials (e.g.
in case out-of-tree code or newly added code omits the PTRACE_MODE_*CREDS
flag), use two new flags and require one of them to be set.

The problem was that when a privileged task had temporarily dropped its
privileges, e.g.  by calling setreuid(0, user_uid), with the intent to
perform following syscalls with the credentials of a user, it still passed
ptrace access checks that the user would not be able to pass.

While an attacker should not be able to convince the privileged task to
perform a ptrace() syscall, this is a problem because the ptrace access
check is reused for things in procfs.

In particular, the following somewhat interesting procfs entries only rely
on ptrace access checks:

 /proc/$pid/stat - uses the check for determining whether pointers
     should be visible, useful for bypassing ASLR
 /proc/$pid/maps - also useful for bypassing ASLR
 /proc/$pid/cwd - useful for gaining access to restricted
     directories that contain files with lax permissions, e.g. in
     this scenario:
     lrwxrwxrwx root root /proc/13020/cwd -> /root/foobar
     drwx------ root root /root
     drwxr-xr-x root root /root/foobar
     -rw-r--r-- root root /root/foobar/secret

Therefore, on a system where a root-owned mode 6755 binary changes its
effective credentials as described and then dumps a user-specified file,
this could be used by an attacker to reveal the memory layout of root's
processes or reveal the contents of files he is not allowed to access
(through /proc/$pid/cwd).

[akpm@linux-foundation.org: fix warning]
Signed-off-by: Jann Horn <jann@thejh.net>
Acked-by: Kees Cook <keescook@chromium.org>
Cc: Casey Schaufler <casey@schaufler-ca.com>
Cc: Oleg Nesterov <oleg@redhat.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: James Morris <james.l.morris@oracle.com>
Cc: "Serge E. Hallyn" <serge.hallyn@ubuntu.com>
Cc: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: Willy Tarreau <w@1wt.eu>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
8 years agosecurity: let security modules use PTRACE_MODE_* with bitmasks
Jann Horn [Wed, 20 Jan 2016 23:00:01 +0000 (15:00 -0800)]
security: let security modules use PTRACE_MODE_* with bitmasks

It looks like smack and yama weren't aware that the ptrace mode
can have flags ORed into it - PTRACE_MODE_NOAUDIT until now, but
only for /proc/$pid/stat, and with the PTRACE_MODE_*CREDS patch,
all modes have flags ORed into them.

Signed-off-by: Jann Horn <jann@thejh.net>
Acked-by: Kees Cook <keescook@chromium.org>
Acked-by: Casey Schaufler <casey@schaufler-ca.com>
Cc: Oleg Nesterov <oleg@redhat.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: James Morris <james.l.morris@oracle.com>
Cc: "Serge E. Hallyn" <serge.hallyn@ubuntu.com>
Cc: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: Willy Tarreau <w@1wt.eu>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
8 years agoptrace: task_stopped_code(ptrace => true) can't see TASK_STOPPED task
Oleg Nesterov [Wed, 20 Jan 2016 22:59:58 +0000 (14:59 -0800)]
ptrace: task_stopped_code(ptrace => true) can't see TASK_STOPPED task

task_stopped_code()->task_is_stopped_or_traced() doesn't look right, the
traced task must never be TASK_STOPPED.

We can not add WARN_ON(task_is_stopped(p)), but this is only because
do_wait() can race with PTRACE_ATTACH from another thread.

[akpm@linux-foundation.org: teeny cleanup]
Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Cc: Andrey Ryabinin <aryabinin@virtuozzo.com>
Cc: Roland McGrath <roland@hack.frob.com>
Acked-by: Tejun Heo <tj@kernel.org>
Cc: Pedro Alves <palves@redhat.com>
Cc: Jan Kratochvil <jan.kratochvil@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
8 years agoptrace: make wait_on_bit(JOBCTL_TRAPPING_BIT) in ptrace_attach() killable
Oleg Nesterov [Wed, 20 Jan 2016 22:59:55 +0000 (14:59 -0800)]
ptrace: make wait_on_bit(JOBCTL_TRAPPING_BIT) in ptrace_attach() killable

ptrace_attach() can hang waiting for STOPPED -> TRACED transition if the
tracee gets frozen in between, change wait_on_bit() to use TASK_KILLABLE.

This doesn't really solve the problem(s) and we probably need to fix the
freezer.  In particular, note that this means that pm freezer will fail if
it races attach-to-stopped-task.

And otoh perhaps we can just remove JOBCTL_TRAPPING_BIT altogether, it is
not clear if we really need to hide this transition from debugger, WNOHANG
after PTRACE_ATTACH can fail anyway if it races with SIGCONT.

Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Reported-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
Cc: Roland McGrath <roland@hack.frob.com>
Acked-by: Tejun Heo <tj@kernel.org>
Cc: Pedro Alves <palves@redhat.com>
Cc: Jan Kratochvil <jan.kratochvil@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
8 years agofat: constify fatent_operations structures
Julia Lawall [Wed, 20 Jan 2016 22:59:52 +0000 (14:59 -0800)]
fat: constify fatent_operations structures

The fatent_operations structures are never modified, so declare them as
const.

Done with the help of Coccinelle.

Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr>
Acked-by: OGAWA Hirofumi <hirofumi@mail.parknet.co.jp>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
8 years agoDocumentation/filesystems/vfat.txt: update the limitation for fat fallocate
Namjae Jeon [Wed, 20 Jan 2016 22:59:49 +0000 (14:59 -0800)]
Documentation/filesystems/vfat.txt: update the limitation for fat fallocate

Update the limitation for fat fallocate.

Signed-off-by: Namjae Jeon <namjae.jeon@samsung.com>
Signed-off-by: Amit Sahrawat <a.sahrawat@samsung.com>
Cc: OGAWA Hirofumi <hirofumi@mail.parknet.co.jp>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
8 years agofat: permit to return phy block number by fibmap in fallocated region
Namjae Jeon [Wed, 20 Jan 2016 22:59:46 +0000 (14:59 -0800)]
fat: permit to return phy block number by fibmap in fallocated region

Make the fibmap call return the proper physical block number for any
offset request in the fallocated range.

Signed-off-by: Namjae Jeon <namjae.jeon@samsung.com>
Signed-off-by: Amit Sahrawat <a.sahrawat@samsung.com>
Cc: OGAWA Hirofumi <hirofumi@mail.parknet.co.jp>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
8 years agofat: skip cluster allocation on fallocated region
Namjae Jeon [Wed, 20 Jan 2016 22:59:43 +0000 (14:59 -0800)]
fat: skip cluster allocation on fallocated region

Skip new cluster allocation after checking i_blocks limit in _fat_get_block,
because the blocks are already allocated in fallocated region.

Signed-off-by: Namjae Jeon <namjae.jeon@samsung.com>
Signed-off-by: Amit Sahrawat <a.sahrawat@samsung.com>
Cc: OGAWA Hirofumi <hirofumi@mail.parknet.co.jp>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
8 years agofat: add fat_fallocate operation
Namjae Jeon [Wed, 20 Jan 2016 22:59:41 +0000 (14:59 -0800)]
fat: add fat_fallocate operation

Implement preallocation via the fallocate syscall on VFAT partitions.
This patch is based on an earlier patch of the same name which had some
issues detailed below and did not get accepted.  Refer
https://lkml.org/lkml/2007/12/22/130.

a) The preallocated space was not persistent when the
   FALLOC_FL_KEEP_SIZE flag was set.  It will deallocate cluster at evict
   time.

b) There was no need to zero out the clusters when the flag was set
   Instead of doing an expanding truncate, just allocate clusters and add
   them to the fat chain.  This reduces preallocation time.

Compatibility with windows:

There are no issues when FALLOC_FL_KEEP_SIZE is not set because it just
does an expanding truncate.  Thus reading from the preallocated area on
windows returns null until data is written to it.

When a file with preallocated area using the FALLOC_FL_KEEP_SIZE was
written to on windows, the windows driver freed-up the preallocated
clusters and allocated new clusters for the new data.  The freed up
clusters gets reflected in the free space available for the partition
which can be seen from the Volume properties.

The windows chkdsk tool also does not report any errors on a disk
containing files with preallocated space.

And there is also no issue using linux fat fsck.  because discard
preallocated clusters at repair time.

Signed-off-by: Namjae Jeon <namjae.jeon@samsung.com>
Signed-off-by: Amit Sahrawat <a.sahrawat@samsung.com>
Cc: OGAWA Hirofumi <hirofumi@mail.parknet.co.jp>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
8 years agofat: add simple validation for directory inode
OGAWA Hirofumi [Wed, 20 Jan 2016 22:59:38 +0000 (14:59 -0800)]
fat: add simple validation for directory inode

This detects simple corruption cases of directory, and tries to avoid
further damage to user data.

And performance impact of this validation should be very low, or not
measurable.

Signed-off-by: OGAWA Hirofumi <hirofumi@mail.parknet.co.jp>
Reported-by: Vegard Nossum <vegard.nossum@oracle.com>
Tested-by: Vegard Nossum <vegard.nossum@oracle.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
8 years agofat: allow time_offset to be up to 24 hours
Jan Kara [Wed, 20 Jan 2016 22:59:35 +0000 (14:59 -0800)]
fat: allow time_offset to be up to 24 hours

Currently we limit values of time_offset mount option to be between -12
and 12 hours.  However e.g.  zone GMT+12 can have a DST correction on top
which makes the total time difference 13 hours.  Update the checks in
mount option parsing to allow offset of upto 24 hours to allow for unusual
cases.

Signed-off-by: Jan Kara <jack@suse.cz>
Reported-by: Volker Kuhlmann <list0570@paradise.net.nz>
Acked-by: OGAWA Hirofumi <hirofumi@mail.parknet.co.jp>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
8 years agofs/hfs/catalog.c: use list_for_each_entry in hfs_cat_delete
Geliang Tang [Wed, 20 Jan 2016 22:59:32 +0000 (14:59 -0800)]
fs/hfs/catalog.c: use list_for_each_entry in hfs_cat_delete

Use list_for_each_entry() instead of list_for_each() to simplify the code.

Signed-off-by: Geliang Tang <geliangtang@163.com>
Reviewed-by: Vyacheslav Dubeyko <slava@dubeyko.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
8 years agoinit/do_mounts: initrd_load() can be boolean
Yaowei Bai [Wed, 20 Jan 2016 22:59:29 +0000 (14:59 -0800)]
init/do_mounts: initrd_load() can be boolean

Make initrd_load() return bool due to this particular function only using
either one or zero as its return value.

No functional change.

Signed-off-by: Yaowei Bai <baiyaowei@cmss.chinamobile.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
8 years agoinit/main.c: obsolete_checksetup can be boolean
Yaowei Bai [Wed, 20 Jan 2016 22:59:27 +0000 (14:59 -0800)]
init/main.c: obsolete_checksetup can be boolean

Make obsolete_checksetup() return bool due to this particular function
only using either one or zero as its return value.

No functional change.

Signed-off-by: Yaowei Bai <baiyaowei@cmss.chinamobile.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
8 years agoepoll: add EPOLLEXCLUSIVE flag
Jason Baron [Wed, 20 Jan 2016 22:59:24 +0000 (14:59 -0800)]
epoll: add EPOLLEXCLUSIVE flag

Currently, epoll file descriptors or epfds (the fd returned from
epoll_create[1]()) that are added to a shared wakeup source are always
added in a non-exclusive manner.  This means that when we have multiple
epfds attached to a shared fd source they are all woken up.  This creates
thundering herd type behavior.

Introduce a new 'EPOLLEXCLUSIVE' flag that can be passed as part of the
'event' argument during an epoll_ctl() EPOLL_CTL_ADD operation.  This new
flag allows for exclusive wakeups when there are multiple epfds attached
to a shared fd event source.

The implementation walks the list of exclusive waiters, and queues an
event to each epfd, until it finds the first waiter that has threads
blocked on it via epoll_wait().  The idea is to search for threads which
are idle and ready to process the wakeup events.  Thus, we queue an event
to at least 1 epfd, but may still potentially queue an event to all epfds
that are attached to the shared fd source.

Performance testing was done by Madars Vitolins using a modified version
of Enduro/X.  The use of the 'EPOLLEXCLUSIVE' flag reduce the length of
this particular workload from 860s down to 24s.

Sample epoll_clt text:

EPOLLEXCLUSIVE

  Sets an exclusive wakeup mode for the epfd file descriptor that is
  being attached to the target file descriptor, fd.  Thus, when an event
  occurs and multiple epfd file descriptors are attached to the same
  target file using EPOLLEXCLUSIVE, one or more epfds will receive an
  event with epoll_wait(2).  The default in this scenario (when
  EPOLLEXCLUSIVE is not set) is for all epfds to receive an event.
  EPOLLEXCLUSIVE may only be specified with the op EPOLL_CTL_ADD.

Signed-off-by: Jason Baron <jbaron@akamai.com>
Tested-by: Madars Vitolins <m@silodev.com>
Cc: Ingo Molnar <mingo@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Al Viro <viro@ftp.linux.org.uk>
Cc: Michael Kerrisk <mtk.manpages@gmail.com>
Cc: Eric Wong <normalperson@yhbt.net>
Cc: Jonathan Corbet <corbet@lwn.net>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Hagen Paul Pfeifer <hagen@jauu.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
8 years agocheckpatch: fix a number of COMPLEX_MACRO false positives
Vladimir Zapolskiy [Wed, 20 Jan 2016 22:59:21 +0000 (14:59 -0800)]
checkpatch: fix a number of COMPLEX_MACRO false positives

A simple search over the kernel souce displays a number of correctly
defined multiline macro, which generally are used as an array element
initializer:

% find ../linux -type f | xargs grep -B1 -H '^[:space]*\[.*\\$'

However checkpatch.pl unexpectedly complains about all these macro
definitions:

% ./scripts/checkpatch.pl --types COMPLEX_MACRO -f include/linux/perf/arm_pmu.h

ERROR: Macros with complex values should be enclosed in parentheses
+#define PERF_MAP_ALL_UNSUPPORTED \
+  [0 ... PERF_COUNT_HW_MAX - 1] = HW_OP_UNSUPPORTED

The change intends to fix this type of false positives by flattening
only array members and skipping array element designators.

Signed-off-by: Vladimir Zapolskiy <vz@mleia.com>
Acked-by: Joe Perches <joe@perches.com>
Cc: Andy Whitcroft <apw@canonical.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
8 years agocheckpatch: improve macros with flow control test
Joe Perches [Wed, 20 Jan 2016 22:59:18 +0000 (14:59 -0800)]
checkpatch: improve macros with flow control test

The current test excludes any macro with ## concatenation from being
reported with hidden flow control.

Some macros are used with return or goto statements along with ##args or
##__VA_ARGS__.  A somewhat common case is a logging macro like
pr_info(fmt, ...) then a return or goto statement.

Check the concatenated variable for args or __VA_ARGS__ and allow those
macros to also be reported when they contain a return or goto.

Signed-off-by: Joe Perches <joe@perches.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
8 years agocheckpatch: warn when casting constants to c90 int or longer types
Joe Perches [Wed, 20 Jan 2016 22:59:15 +0000 (14:59 -0800)]
checkpatch: warn when casting constants to c90 int or longer types

Linus Torvalds wrote:

> I can't but help to react that this:
>  #define IOMMU_ERROR_CODE       (~(unsigned long) 0)
> Not that this *matters*, but it's a bit odd to have to cast constants
> to perfectly regular C types.

So add a test that looks for constants that are cast to
standard C90 int or longer types and suggest using C90
"6.4.4.1 Integer constants" integer-suffixes instead.

Miscellanea:

o Add a --fix option too

Signed-off-by: Joe Perches <joe@perches.com>
Suggested-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
8 years agolib/clz_tab.c: put in lib-y rather than obj-y
Chris Metcalf [Wed, 20 Jan 2016 22:59:12 +0000 (14:59 -0800)]
lib/clz_tab.c: put in lib-y rather than obj-y

The clz table (__clz_tab) in lib/clz_tab.c is also provided as part of
libgcc.a, and many architectures link against libgcc.  To allow the
linker to avoid a multiple-definition link failure, clz_tab.o has to be
in lib/lib.a rather than lib/builtin.o.  The specific issue is that
libgcc.a comes before lib/builtin.o on vmlinux.o's link command line, so
its _clz.o is pulled to satisfy __clz_tab, and then when the remainder
of lib/builtin.o is pulled in to satisfy all the other dependencies, the
__clz_tab symbols conflict.  By putting clz_tab.o in lib.a, the linker
can simply avoid pulling it into vmlinux.o when this situation arises.

The definitions of __clz_tab are the same in libgcc.a and in the kernel;
arguably we could also simply rename the kernel version, but it's
unlikely the libgcc version will ever change to become incompatible, so
just using it seems reasonably safe.

Signed-off-by: Chris Metcalf <cmetcalf@ezchip.com>
Acked-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
8 years agoinclude/linux/radix-tree.h: fix error in docs about locks
Adam Barth [Wed, 20 Jan 2016 22:59:09 +0000 (14:59 -0800)]
include/linux/radix-tree.h: fix error in docs about locks

This text refers to the "first 7 functions", which was correct when
written but became incorrect when Johannes Weiner added another function
to the list in 139e561660fe ("lib: radix_tree: tree node interface").

Change the text to correctly refer to the first 8 functions.

Signed-off-by: Adam Barth <aurorean@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
8 years agotest_hexdump: print statistics at the end
Andy Shevchenko [Wed, 20 Jan 2016 22:59:07 +0000 (14:59 -0800)]
test_hexdump: print statistics at the end

Like others test are doing print the gathered statistics after test module
is finished.  Return from the module based on the result.

Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Acked-by: Rasmus Villemoes <linux@rasmusvillemoes.dk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
8 years agotest_hexdump: test all possible group sizes for overflow
Andy Shevchenko [Wed, 20 Jan 2016 22:59:04 +0000 (14:59 -0800)]
test_hexdump: test all possible group sizes for overflow

Currently the only one combination is tested for overflow, i.e.  rowsize =
16, groupsize = 1, len = 1.  Do various test to go through all possible
branches.

Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Cc: Rasmus Villemoes <linux@rasmusvillemoes.dk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
8 years agotest_hexdump: check all bytes in real buffer
Andy Shevchenko [Wed, 20 Jan 2016 22:59:01 +0000 (14:59 -0800)]
test_hexdump: check all bytes in real buffer

After processing by hex_dump_to_buffer() check all the parts to be expected.

Part 1. The actual expected hex dump with or without ASCII part.

Part 2. Check if the buffer is dirty beyond needed.

Part 3. Return code should be as expected.

This is done by using comparison of the return code and memcmp() against
the test buffer.  We fill the buffer by FILL_CHAR ('#') characters, so, we
expect to have a tail of the buffer will be left untouched.  The
terminating NUL is also checked by memcmp().

Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Cc: Rasmus Villemoes <linux@rasmusvillemoes.dk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
8 years agotest_hexdump: switch to memcmp()
Andy Shevchenko [Wed, 20 Jan 2016 22:58:58 +0000 (14:58 -0800)]
test_hexdump: switch to memcmp()

Better to use memcmp() against entire buffer to check that nothing is
happened to the data in the tail.

Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
8 years agotest_hexdump: replace magic numbers by their meaning
Andy Shevchenko [Wed, 20 Jan 2016 22:58:56 +0000 (14:58 -0800)]
test_hexdump: replace magic numbers by their meaning

The magic numbers of the length are converted to their actual meaning,
such as end of the buffer with and without ASCII part.

We don't touch the rest of the magic constants that will be removed in the
following commits.

Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Cc: Rasmus Villemoes <linux@rasmusvillemoes.dk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
8 years agotest_hexdump: go through all possible lengths of buffer
Andy Shevchenko [Wed, 20 Jan 2016 22:58:53 +0000 (14:58 -0800)]
test_hexdump: go through all possible lengths of buffer

When test for overflow do iterate the buffer length in a range 0 ..
BUF_SIZE.

Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Cc: Rasmus Villemoes <linux@rasmusvillemoes.dk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
8 years agotest_hexdump: define FILL_CHAR constant
Andy Shevchenko [Wed, 20 Jan 2016 22:58:50 +0000 (14:58 -0800)]
test_hexdump: define FILL_CHAR constant

Define a character to fill the test buffers.  Though the character should
be printable since it's used when errors are reported.  It should neither
be from hex digit [a-fA-F0-9] dictionary nor space.  It is recommended not
to use one which is present in ASCII part of the test data.  Later on we
might switch to unprintable character to make test case more robust.

Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Suggested-by: Rasmus Villemoes <linux@rasmusvillemoes.dk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
8 years agotest_hexdump: introduce test_hexdump_prepare_test() helper
Andy Shevchenko [Wed, 20 Jan 2016 22:58:47 +0000 (14:58 -0800)]
test_hexdump: introduce test_hexdump_prepare_test() helper

The function prepares the expected result in the provided buffer.

Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Acked-by: Rasmus Villemoes <linux@rasmusvillemoes.dk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
8 years agotest_hexdump: rename to test_hexdump
Andy Shevchenko [Wed, 20 Jan 2016 22:58:44 +0000 (14:58 -0800)]
test_hexdump: rename to test_hexdump

The test suite currently doesn't cover many corner cases when
hex_dump_to_buffer() runs into overflow.  Refactor and amend test suite
to cover most of the cases.

This patch (of 9):

Just to follow the scheme that most of the test modules are using.

There is no fuctional change.

Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Acked-by: Rasmus Villemoes <linux@rasmusvillemoes.dk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
8 years agodrivers/firmware/broadcom/bcm47xx_nvram.c: use __ioread32_copy() instead of open...
Stephen Boyd [Wed, 20 Jan 2016 22:58:41 +0000 (14:58 -0800)]
drivers/firmware/broadcom/bcm47xx_nvram.c: use __ioread32_copy() instead of open-coding

Now that we have a generic library function for this, replace the
open-coded instance.

Signed-off-by: Stephen Boyd <sboyd@codeaurora.org>
Cc: Hauke Mehrtens <hauke@hauke-m.de>
Cc: <zajec5@gmail.com>
Cc: Paul Walmsley <paul@pwsan.com>
Cc: Bjorn Andersson <bjorn.andersson@sonymobile.com>
Cc: David Howells <dhowells@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
8 years agodrivers/soc/qcom/smd.c: use __ioread32_copy() instead of open-coding it
Stephen Boyd [Wed, 20 Jan 2016 22:58:38 +0000 (14:58 -0800)]
drivers/soc/qcom/smd.c: use __ioread32_copy() instead of open-coding it

Now that we have a generic library function for this, replace the
open-coded instance.

Signed-off-by: Stephen Boyd <sboyd@codeaurora.org>
Reviewed-by: Bjorn Andersson <bjorn.andersson@sonymobile.com>
Cc: <zajec5@gmail.com>
Cc: David Howells <dhowells@redhat.com>
Cc: Hauke Mehrtens <hauke@hauke-m.de>
Cc: Paul Walmsley <paul@pwsan.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
8 years agolib/iomap_copy.c: add __ioread32_copy()
Stephen Boyd [Wed, 20 Jan 2016 22:58:35 +0000 (14:58 -0800)]
lib/iomap_copy.c: add __ioread32_copy()

Some drivers need to read data out of iomem areas 32-bits at a time.
Add an API to do this.

Signed-off-by: Stephen Boyd <sboyd@codeaurora.org>
Cc: Bjorn Andersson <bjorn.andersson@sonymobile.com>
Cc: <zajec5@gmail.com>
Cc: David Howells <dhowells@redhat.com>
Cc: Hauke Mehrtens <hauke@hauke-m.de>
Cc: Paul Walmsley <paul@pwsan.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
8 years agoarch/frv/include/asm/io.h: accept const void pointers for read{b,w,l}()
Stephen Boyd [Wed, 20 Jan 2016 22:58:32 +0000 (14:58 -0800)]
arch/frv/include/asm/io.h: accept const void pointers for read{b,w,l}()

The SMD driver is reading and writing chunks of data to iomem, and
there's an __iowrite32_copy() function for the writing part, but no
__ioread32_copy() function for the reading part.  This series adds
__ioread32_copy() and uses it in two places.

This patch (of 4):

The frv port uses compiler builtins, __builtin_read*(), for the I/O read
routines.  Unfortunately, these don't accept const void pointers although
the generic ASM implementations do, so generic code passing const pointers
to these APIs cause compilers to emit warnings.  Add wrapper functions
that cast away the const to avoid the warnings.

Signed-off-by: Stephen Boyd <sboyd@codeaurora.org>
Cc: David Howells <dhowells@redhat.com>
Cc: <zajec5@gmail.com>
Cc: Bjorn Andersson <bjorn.andersson@sonymobile.com>
Cc: Hauke Mehrtens <hauke@hauke-m.de>
Cc: Paul Walmsley <paul@pwsan.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
8 years agostring_helpers: fix precision loss for some inputs
James Bottomley [Wed, 20 Jan 2016 22:58:29 +0000 (14:58 -0800)]
string_helpers: fix precision loss for some inputs

It was noticed that we lose precision in the final calculation for some
inputs.  The most egregious example is size=3000 blk_size=1900 in units
of 10 should yield 5.70 MB but in fact yields 3.00 MB (oops).

This is because the current algorithm doesn't correctly account for
all the remainders in the logarithms.  Fix this by doing a correct
calculation in the remainders based on napier's algorithm.

Additionally, now we have the correct result, we have to account for
arithmetic rounding because we're printing 3 digits of precision.  This
means that if the fourth digit is five or greater, we have to round up,
so add a section to ensure correct rounding.  Finally account for all
possible inputs correctly, including zero for block size.

Fixes: b9f28d863594c429e1df35a0474d2663ca28b307
Signed-off-by: James Bottomley <JBottomley@Odin.com>
Reported-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Cc: <stable@vger.kernel.org> [delay until after 4.4 release]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
8 years ago./CREDITS: add credit information for Martin Kepplinger
Martin Kepplinger [Wed, 20 Jan 2016 22:58:26 +0000 (14:58 -0800)]
./CREDITS: add credit information for Martin Kepplinger

Signed-off-by: Martin Kepplinger <martink@posteo.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
8 years agoscripts/get_maintainer.pl: handle file names beginning with ./
Joe Perches [Wed, 20 Jan 2016 22:58:24 +0000 (14:58 -0800)]
scripts/get_maintainer.pl: handle file names beginning with ./

The problem is that get_maintainer.pl doesn't work if you have a ./
prefix on the filename.  For example, if you type:

  ./scripts/get_maintainer.pl -f ./drivers/usb/usb-skeleton.c

then the current code only includes LKML and people from the git log, it
doesn't include Greg or the linux-usb list.

Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Cc: Joe Perches <joe@perches.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
8 years agomisc: ibmasm: fix build errors
Randy Dunlap [Wed, 20 Jan 2016 22:58:21 +0000 (14:58 -0800)]
misc: ibmasm: fix build errors

Fix build when CONFIG_SERIAL_8250=m and CONFIG_IBM_ASM=y.

Fixes these build errors:

  drivers/built-in.o: In function `ibmasm_remove_one':
  module.c:(.text+0xf6874): undefined reference to `ibmasm_unregister_uart'
  drivers/built-in.o: In function `ibmasm_init_one':
  module.c:(.text+0xf6c37): undefined reference to `ibmasm_register_uart'

Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Cc: Max Asbock <masbock@us.ibm.com>
Cc: Vernon Mauery <vernux@us.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
8 years agozsmalloc: fix migrate_zspage-zs_free race condition
Junil Lee [Wed, 20 Jan 2016 22:58:18 +0000 (14:58 -0800)]
zsmalloc: fix migrate_zspage-zs_free race condition

record_obj() in migrate_zspage() does not preserve handle's
HANDLE_PIN_BIT, set by find_aloced_obj()->trypin_tag(), and implicitly
(accidentally) un-pins the handle, while migrate_zspage() still performs
an explicit unpin_tag() on the that handle.  This additional explicit
unpin_tag() introduces a race condition with zs_free(), which can pin
that handle by this time, so the handle becomes un-pinned.

Schematically, it goes like this:

  CPU0                                        CPU1
  migrate_zspage
    find_alloced_obj
      trypin_tag
        set HANDLE_PIN_BIT                    zs_free()
                                                pin_tag()
  obj_malloc() -- new object, no tag
  record_obj() -- remove HANDLE_PIN_BIT           set HANDLE_PIN_BIT
  unpin_tag()  -- remove zs_free's HANDLE_PIN_BIT

The race condition may result in a NULL pointer dereference:

  Unable to handle kernel NULL pointer dereference at virtual address 00000000
  CPU: 0 PID: 19001 Comm: CookieMonsterCl Tainted:
  PC is at get_zspage_mapping+0x0/0x24
  LR is at obj_free.isra.22+0x64/0x128
  Call trace:
     get_zspage_mapping+0x0/0x24
     zs_free+0x88/0x114
     zram_free_page+0x64/0xcc
     zram_slot_free_notify+0x90/0x108
     swap_entry_free+0x278/0x294
     free_swap_and_cache+0x38/0x11c
     unmap_single_vma+0x480/0x5c8
     unmap_vmas+0x44/0x60
     exit_mmap+0x50/0x110
     mmput+0x58/0xe0
     do_exit+0x320/0x8dc
     do_group_exit+0x44/0xa8
     get_signal+0x538/0x580
     do_signal+0x98/0x4b8
     do_notify_resume+0x14/0x5c

This patch keeps the lock bit in migration path and update value
atomically.

Signed-off-by: Junil Lee <junil0814.lee@lge.com>
Signed-off-by: Minchan Kim <minchan@kernel.org>
Acked-by: Vlastimil Babka <vbabka@suse.cz>
Cc: Sergey Senozhatsky <sergey.senozhatsky.work@gmail.com>
Cc: <stable@vger.kernel.org> [4.1+]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
8 years agomm: arch: remove duplicate definitions of MADV_FREE
Guenter Roeck [Wed, 20 Jan 2016 22:58:15 +0000 (14:58 -0800)]
mm: arch: remove duplicate definitions of MADV_FREE

Commits 21f55b018ba5 ("arch/*/include/uapi/asm/mman.h: : let MADV_FREE
have same value for all architectures") and ef58978f1eaa ("mm: define
MADV_FREE for some arches") both defined MADV_FREE, but did not use the
same values.  This results in build errors such as

  ./arch/alpha/include/uapi/asm/mman.h:53:0: error: "MADV_FREE" redefined
  ./arch/alpha/include/uapi/asm/mman.h:50:0: note: this is the location of the previous definition

for the affected architectures.

Fixes: 21f55b018ba5 ("arch/*/include/uapi/asm/mman.h: : let MADV_FREE have same value for all architectures")
Fixes: ef58978f1eaa ("mm: define MADV_FREE for some arches")
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Cc: Chen Gang <gang.chen.5i5j@gmail.com>
Cc: Minchan Kim <minchan@kernel.org>
Acked-by: Helge Deller <deller@gmx.de> [parisc]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
8 years agofs/proc/task_mmu.c: add workaround for old compilers
Kirill A. Shutemov [Wed, 20 Jan 2016 22:58:12 +0000 (14:58 -0800)]
fs/proc/task_mmu.c: add workaround for old compilers

For THP=n, HPAGE_PMD_NR in smaps_account() expands to BUILD_BUG().
That's fine since this codepath is eliminated by modern compilers.

But older compilers have not that efficient dead code elimination.  It
causes problem at least with gcc 4.1.2 on m68k:

   fs/built-in.o: In function `smaps_account':
   task_mmu.c:(.text+0x4f8fa): undefined reference to `__compiletime_assert_471'

Let's replace HPAGE_PMD_NR with 1 << compound_order(page).

Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Reported-by: Geert Uytterhoeven <geert@linux-m68k.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
8 years agothp: fix interrupt unsafe locking in split_huge_page()
Kirill A. Shutemov [Wed, 20 Jan 2016 22:58:09 +0000 (14:58 -0800)]
thp: fix interrupt unsafe locking in split_huge_page()

split_queue_lock can be taken from interrupt context in some cases, but
I forgot to convert locking in split_huge_page() to interrupt-safe
primitives.

Let's fix this.

lockdep output:

  ======================================================
  [ INFO: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected ]
  4.4.0+ #259 Tainted: G        W
  ------------------------------------------------------
  syz-executor/18183 [HC0[0]:SC0[2]:HE0:SE0] is trying to acquire:
   (split_queue_lock){+.+...}, at: free_transhuge_page+0x24/0x90 mm/huge_memory.c:3436

  and this task is already holding:
   (slock-AF_INET){+.-...}, at: spin_lock_bh include/linux/spinlock.h:307
   (slock-AF_INET){+.-...}, at: lock_sock_fast+0x45/0x120 net/core/sock.c:2462
  which would create a new lock dependency:
   (slock-AF_INET){+.-...} -> (split_queue_lock){+.+...}

  but this new dependency connects a SOFTIRQ-irq-safe lock:
   (slock-AF_INET){+.-...}
  ... which became SOFTIRQ-irq-safe at:
     mark_irqflags kernel/locking/lockdep.c:2799
     __lock_acquire+0xfd8/0x4700 kernel/locking/lockdep.c:3162
     lock_acquire+0x1dc/0x430 kernel/locking/lockdep.c:3585
     __raw_spin_lock include/linux/spinlock_api_smp.h:144
     _raw_spin_lock+0x33/0x50 kernel/locking/spinlock.c:151
     spin_lock include/linux/spinlock.h:302
     udp_queue_rcv_skb+0x781/0x1550 net/ipv4/udp.c:1680
     flush_stack+0x50/0x330 net/ipv6/udp.c:799
     __udp4_lib_mcast_deliver+0x694/0x7f0 net/ipv4/udp.c:1798
     __udp4_lib_rcv+0x17dc/0x23e0 net/ipv4/udp.c:1888
     udp_rcv+0x21/0x30 net/ipv4/udp.c:2108
     ip_local_deliver_finish+0x2b3/0xa50 net/ipv4/ip_input.c:216
     NF_HOOK_THRESH include/linux/netfilter.h:226
     NF_HOOK include/linux/netfilter.h:249
     ip_local_deliver+0x1c4/0x2f0 net/ipv4/ip_input.c:257
     dst_input include/net/dst.h:498
     ip_rcv_finish+0x5ec/0x1730 net/ipv4/ip_input.c:365
     NF_HOOK_THRESH include/linux/netfilter.h:226
     NF_HOOK include/linux/netfilter.h:249
     ip_rcv+0x963/0x1080 net/ipv4/ip_input.c:455
     __netif_receive_skb_core+0x1620/0x2f80 net/core/dev.c:4154
     __netif_receive_skb+0x2a/0x160 net/core/dev.c:4189
     netif_receive_skb_internal+0x1b5/0x390 net/core/dev.c:4217
     napi_skb_finish net/core/dev.c:4542
     napi_gro_receive+0x2bd/0x3c0 net/core/dev.c:4572
     e1000_clean_rx_irq+0x4e2/0x1100 drivers/net/ethernet/intel/e1000e/netdev.c:1038
     e1000_clean+0xa08/0x24a0 drivers/net/ethernet/intel/e1000/e1000_main.c:3819
     napi_poll net/core/dev.c:5074
     net_rx_action+0x7eb/0xdf0 net/core/dev.c:5139
     __do_softirq+0x26a/0x920 kernel/softirq.c:273
     invoke_softirq kernel/softirq.c:350
     irq_exit+0x18f/0x1d0 kernel/softirq.c:391
     exiting_irq ./arch/x86/include/asm/apic.h:659
     do_IRQ+0x86/0x1a0 arch/x86/kernel/irq.c:252
     ret_from_intr+0x0/0x20 arch/x86/entry/entry_64.S:520
     arch_safe_halt ./arch/x86/include/asm/paravirt.h:117
     default_idle+0x52/0x2e0 arch/x86/kernel/process.c:304
     arch_cpu_idle+0xa/0x10 arch/x86/kernel/process.c:295
     default_idle_call+0x48/0xa0 kernel/sched/idle.c:92
     cpuidle_idle_call kernel/sched/idle.c:156
     cpu_idle_loop kernel/sched/idle.c:252
     cpu_startup_entry+0x554/0x710 kernel/sched/idle.c:300
     rest_init+0x192/0x1a0 init/main.c:412
     start_kernel+0x678/0x69e init/main.c:683
     x86_64_start_reservations+0x2a/0x2c arch/x86/kernel/head64.c:195
     x86_64_start_kernel+0x158/0x167 arch/x86/kernel/head64.c:184

  to a SOFTIRQ-irq-unsafe lock:
   (split_queue_lock){+.+...}
   which became SOFTIRQ-irq-unsafe at:
     mark_irqflags kernel/locking/lockdep.c:2817
     __lock_acquire+0x146e/0x4700 kernel/locking/lockdep.c:3162
     lock_acquire+0x1dc/0x430 kernel/locking/lockdep.c:3585
     __raw_spin_lock include/linux/spinlock_api_smp.h:144
     _raw_spin_lock+0x33/0x50 kernel/locking/spinlock.c:151
     spin_lock include/linux/spinlock.h:302
     split_huge_page_to_list+0xcc0/0x1c50 mm/huge_memory.c:3399
     split_huge_page include/linux/huge_mm.h:99
     queue_pages_pte_range+0xa38/0xef0 mm/mempolicy.c:507
     walk_pmd_range mm/pagewalk.c:50
     walk_pud_range mm/pagewalk.c:90
     walk_pgd_range mm/pagewalk.c:116
     __walk_page_range+0x653/0xcd0 mm/pagewalk.c:204
     walk_page_range+0xfe/0x2b0 mm/pagewalk.c:281
     queue_pages_range+0xfb/0x130 mm/mempolicy.c:687
     migrate_to_node mm/mempolicy.c:1004
     do_migrate_pages+0x370/0x4e0 mm/mempolicy.c:1109
     SYSC_migrate_pages mm/mempolicy.c:1453
     SyS_migrate_pages+0x640/0x730 mm/mempolicy.c:1374
     entry_SYSCALL_64_fastpath+0x16/0x7a arch/x86/entry/entry_64.S:185

  other info that might help us debug this:

   Possible interrupt unsafe locking scenario:

         CPU0                    CPU1
         ----                    ----
    lock(split_queue_lock);
                                 local_irq_disable();
                                 lock(slock-AF_INET);
                                 lock(split_queue_lock);
    <Interrupt>
      lock(slock-AF_INET);

Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Acked-by: David Rientjes <rientjes@google.com>
Reviewed-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
8 years agolib/libcrc32c.c: fix build warning
Jean Delvare [Wed, 20 Jan 2016 22:58:06 +0000 (14:58 -0800)]
lib/libcrc32c.c: fix build warning

Fix the following build warning:

  lib/libcrc32c.c:42:5: warning: no previous prototype for "crc32c" [-Wmissing-prototypes]
   u32 crc32c(u32 crc, const void *address, unsigned int length)
       ^

Signed-off-by: Jean Delvare <jdelvare@suse.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
8 years agoMerge tag 'dmaengine-fix-4.5-rc1' of git://git.infradead.org/users/vkoul/slave-dma
Linus Torvalds [Wed, 20 Jan 2016 18:15:21 +0000 (10:15 -0800)]
Merge tag 'dmaengine-fix-4.5-rc1' of git://git.infradead.org/users/vkoul/slave-dma

Pull dmaengine fixes from Vinod Koul:
 "Here is my second pull request for this window:

  A few driver fixes have piled up and one missed rcar bindings patch
  which got somehow lost in for-linus branch so cherry-picked that one.

  Fixes are for dw, at_hdmac, edma"

* tag 'dmaengine-fix-4.5-rc1' of git://git.infradead.org/users/vkoul/slave-dma:
  dmaengine: rcar-dmac: Document SoC specific bindings
  dmaengine: at_xdmac: fix resume for cyclic transfers
  dmaengine: dw: fix cyclic transfer callbacks
  dmaengine: dw: fix cyclic transfer setup
  dmaengine: edma: Fix paRAM slot allocation for entry channel 0

8 years agoMerge branch 'misc' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild
Linus Torvalds [Wed, 20 Jan 2016 18:10:23 +0000 (10:10 -0800)]
Merge branch 'misc' of git://git./linux/kernel/git/mmarek/kbuild

Pull misc kbuild updates from Michal Marek:
 - Fix for make O=... perf-tar*
 - make tags revamp and fix for the fallout.  Patch for warnings about
   line breaks inside DEFINE_PER_CPU macros is pending
 - New coccinelle test

* 'misc' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild:
  coccinelle: tests: unsigned value cannot be lesser than zero
  tags: Unify emacs and exuberant rules
  tags: Drop the _PE rule
  tags: Do not try to index defconfigs
  tags: Process Kconfig files in a single pass
  tags: Fix erroneous pattern match in a comment
  aic7xxx: Avoid name collision with <linux/list.h>
  tags: Treat header files as C code
  package Makefile: fix perf-tar targets when outdir is set
  scripts/tags.sh: Teach tags about more powerpc macros

8 years agoMerge branch 'kconfig' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild
Linus Torvalds [Wed, 20 Jan 2016 17:55:50 +0000 (09:55 -0800)]
Merge branch 'kconfig' of git://git./linux/kernel/git/mmarek/kbuild

Pull kconfig updates from Michal Marek:
 - Fix for make xconfig segfault
 - Handle long strings in config symbol values
 - Fix for mixing boolean and kconfig ternary type

* 'kconfig' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild:
  kconfig: fix qconf segfault by deleting heap objects
  kconfig: return 'false' instead of 'no' in bool function
  kconfig: allow kconfig to handle longer path names

8 years agoMerge branch 'kbuild' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild
Linus Torvalds [Wed, 20 Jan 2016 17:45:43 +0000 (09:45 -0800)]
Merge branch 'kbuild' of git://git./linux/kernel/git/mmarek/kbuild

Pull kbuild updates from Michal Marek:
 - Make <modname>-m in makefiles work like <modname>-y and fix the
   fallout
 - Minor genksyms fix
 - Fix race with make -j install modules_install
 - Move -Wsign-compare from make W=1 to W=2
 - Other minor fixes

* 'kbuild' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild:
  kbuild: Demote 'sign-compare' warning to W=2
  Makefile: revert "Makefile: Document ability to make file.lst and file.S" partially
  kbuild: Do not run modules_install and install in paralel
  genksyms: Handle string literals with spaces in reference files
  fixdep: constify strrcmp arguments
  ath10k: Fix build with CONFIG_THERMAL=m
  Revert "drm: Hack around CONFIG_AGP=m build failures"
  kbuild: Allow to specify composite modules with modname-m
  staging/ad7606: Actually build the interface modules

8 years agoFRV: Mark architecture orphaned
David Howells [Wed, 20 Jan 2016 10:29:00 +0000 (10:29 +0000)]
FRV: Mark architecture orphaned

Mark the FRV architecture orphaned in the MAINTAINERS file.

Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
8 years agoMAINTAINERS: Update mailing list for Renesas SoC Development
Simon Horman [Mon, 18 Jan 2016 01:04:33 +0000 (10:04 +0900)]
MAINTAINERS: Update mailing list for Renesas SoC Development

Update the mailing list used for development of support for
Renesas SoCs and related drivers.

Up until now the linux-sh mailing list has been used, however,
Renesas SoCs are now much wider than the SH architecture and there
is some desire from some for the linux-sh list to refocus on
discussion of the work on the SH architecture.

Signed-off-by: Simon Horman <horms+renesas@verge.net.au>
Acked-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh@renesas.com>
Acked-by: Magnus Damm <damm@opensource.se>
Acked-by: Geert Uytterhoeven <geert+renesas@glider.be>
Acked-by: Wolfram Sang <wsa+renesas@sang-engineering.com>
Acked-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Acked-by: Rich Felker <dalias@libc.org>
Acked-by: Sergei Shtylyov <sergei.shtylyov@cogentembedded.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
8 years agomm: avoid uninitialized variable in tracepoint
Arnd Bergmann [Mon, 18 Jan 2016 20:50:26 +0000 (21:50 +0100)]
mm: avoid uninitialized variable in tracepoint

A newly added tracepoint in the hugepage code uses a variable in the
error handling that is not initialized at that point:

include/trace/events/huge_memory.h:81:230: error: 'isolated' may be used uninitialized in this function [-Werror=maybe-uninitialized]

The result is relatively harmless, as the trace data will in rare
cases contain incorrect data.

This works around the problem by adding an explicit initialization.

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Fixes: 7d2eba0557c1 ("mm: add tracepoint for scanning pages")
Reviewed-by: Ebru Akagunduz <ebru.akagunduz@gmail.com>
Acked-by: David Rientjes <rientjes@google.com>
Cc: Kirill A. Shutemov <kirill@shutemov.name>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
8 years agoMerge tag 'platform-drivers-x86-v4.5-1' of git://git.infradead.org/users/dvhart/linux...
Linus Torvalds [Wed, 20 Jan 2016 01:54:15 +0000 (17:54 -0800)]
Merge tag 'platform-drivers-x86-v4.5-1' of git://git.infradead.org/users/dvhart/linux-platform-drivers-x86

Pull x86 platform driver updates from Darren Hart:
 "Add intel punit and telemetry driver for APL SoCs.
  Add intel-hid driver for various laptop hotkey support.
  Add asus-wireless radio control driver.
  Keyboard backlight support/improvements for ThinkPads, Vaio, and Toshiba.
  Several hotkey related fixes and improvements for dell and toshiba.
  Fix oops on dual GPU Macs in apple-gmux.
  A few new device IDs and quirks.
  Various minor config related build issues and cleanups.

  surface pro 4:
   - fix compare_const_fl.cocci warnings
   - Add support for Surface Pro 4 Buttons

  platform/x86:
   - Add Intel Telemetry Debugfs interfaces
   - Add Intel telemetry platform device
   - Add Intel telemetry platform driver
   - Add Intel Telemetry Core Driver
   - add NULL check for input parameters
   - add Intel P-Unit mailbox IPC driver
   - update acpi resource structure for Punit

  thinkpad_acpi:
   - Add support for keyboard backlight

  dell-wmi:
   - Process only one event on devices with interface version 0
   - Check if Dell WMI descriptor structure is valid
   - Improve unknown hotkey handling
   - Use a C99-style array for bios_to_linux_keycode

  tc1100-wmi:
   - fix build warning when CONFIG_PM not enabled

  asus-wireless:
   - Add ACPI HID ATK4001
   - Add Asus Wireless Radio Control driver

  asus-wmi:
   - drop to_platform_driver macro

  intel-hid:
   - new hid event driver for hotkeys

  sony-laptop:
   - Keyboard backlight control for some Vaio Fit models

  ideapad-laptop:
   - Add Lenovo ideapad Y700-17ISK to no_hw_rfkill dmi list

  apple-gmux:
   - Assign apple_gmux_data before registering

  toshiba_acpi:
   - Add rfkill dependency to ACPI_TOSHIBA entry
   - Fix keyboard backlight sysfs entries not being updated
   - Add WWAN RFKill support
   - Add support for WWAN devices
   - Fix blank screen at boot if transflective backlight is supported
   - Propagate the hotkey value via genetlink

  toshiba_bluetooth:
   - Add missing newline in toshiba_bluetooth_present function"

* tag 'platform-drivers-x86-v4.5-1' of git://git.infradead.org/users/dvhart/linux-platform-drivers-x86: (29 commits)
  surface pro 4: fix compare_const_fl.cocci warnings
  surface pro 4: Add support for Surface Pro 4 Buttons
  platform:x86: Add Intel Telemetry Debugfs interfaces
  platform:x86: Add Intel telemetry platform device
  platform:x86: Add Intel telemetry platform driver
  platform/x86: Add Intel Telemetry Core Driver
  intel_punit_ipc: add NULL check for input parameters
  thinkpad_acpi: Add support for keyboard backlight
  dell-wmi: Process only one event on devices with interface version 0
  dell-wmi: Check if Dell WMI descriptor structure is valid
  tc1100-wmi: fix build warning when CONFIG_PM not enabled
  asus-wireless: Add ACPI HID ATK4001
  platform/x86: Add Asus Wireless Radio Control driver
  asus-wmi: drop to_platform_driver macro
  intel-hid: new hid event driver for hotkeys
  Keyboard backlight control for some Vaio Fit models
  platform/x86: Add rfkill dependency to ACPI_TOSHIBA entry
  platform:x86: add Intel P-Unit mailbox IPC driver
  intel_pmc_ipc: update acpi resource structure for Punit
  ideapad-laptop: Add Lenovo ideapad Y700-17ISK to no_hw_rfkill dmi list
  ...

8 years agosurface pro 4: fix compare_const_fl.cocci warnings
Julia Lawall [Sun, 27 Dec 2015 21:10:58 +0000 (22:10 +0100)]
surface pro 4: fix compare_const_fl.cocci warnings

Move constants to the right of binary operators.

Generated by: scripts/coccinelle/misc/compare_const_fl.cocci

CC: Weng Xuetian <wengxt@gmail.com>
Signed-off-by: Fengguang Wu <fengguang.wu@intel.com>
Signed-off-by: Julia Lawall <julia.lawall@lip6.fr>
Signed-off-by: Darren Hart <dvhart@linux.intel.com>
8 years agosurface pro 4: Add support for Surface Pro 4 Buttons
Weng Xuetian [Sun, 17 Jan 2016 23:10:38 +0000 (15:10 -0800)]
surface pro 4: Add support for Surface Pro 4 Buttons

Surface Pro 4 buttons are managed by a device with _HID "MSHW0040"
different from Surface Pro 3.

This commit adds MSHW0040 to id list to support the Surface Pro 4.

Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=109871
Signed-off-by: Weng Xuetian <wengxt@gmail.com>
Acked-by: Chen Yu <yu.c.chen@intel.com>
Signed-off-by: Darren Hart <dvhart@linux.intel.com>
8 years agoplatform:x86: Add Intel Telemetry Debugfs interfaces
Souvik Kumar Chakravarty [Tue, 12 Jan 2016 10:35:14 +0000 (16:05 +0530)]
platform:x86: Add Intel Telemetry Debugfs interfaces

This implements debugfs interfaces for reading the telemetry
samples from SSRAM and configuring firmware trace verbosity.
Interface created under /sys/kernel/debug/telemetry
soc_states: SoC Device and Low Power States
pss_info: Info from the Primary SubSystem
ioss_info: Info from IO SubSusytem
pss_trace_verbosity: Read/Modify PSS F/W trace verbosity
ioss_trace_verbosity: Read/Modify IOSS F/W trace verbosity.

Signed-off-by: Souvik Kumar Chakravarty <souvik.k.chakravarty@intel.com>
Signed-off-by: Darren Hart <dvhart@linux.intel.com>
8 years agoplatform:x86: Add Intel telemetry platform device
Souvik Kumar Chakravarty [Tue, 12 Jan 2016 10:32:54 +0000 (16:02 +0530)]
platform:x86: Add Intel telemetry platform device

Telemetry Device is created by the pmc_ipc driver. Resources
are populated according SSRAM region as indicated by the BIOS tables.

Signed-off-by: Souvik Kumar Chakravarty <souvik.k.chakravarty@intel.com>
Signed-off-by: Darren Hart <dvhart@linux.intel.com>
8 years agoplatform:x86: Add Intel telemetry platform driver
Souvik Kumar Chakravarty [Tue, 12 Jan 2016 10:31:39 +0000 (16:01 +0530)]
platform:x86: Add Intel telemetry platform driver

Telemetry platform driver implements the telemetry interfaces.
Currently it supports ApolloLake. It uses the PUNIT and PMC IPC
interfaces to configure the telemetry samples to read.
The samples are read from a Secure SRAM region.

Signed-off-by: Souvik Kumar Chakravarty <souvik.k.chakravarty@intel.com>
Signed-off-by: Darren Hart <dvhart@linux.intel.com>
8 years agoplatform/x86: Add Intel Telemetry Core Driver
Souvik Kumar Chakravarty [Tue, 12 Jan 2016 10:30:33 +0000 (16:00 +0530)]
platform/x86: Add Intel Telemetry Core Driver

Intel PM Telemetry is a software mechanism via which various SoC
PM and performance related parameters like PM counters, firmware
trace verbosity, the status of different devices inside the SoC, etc.
can be monitored and analyzed. The different samples that may be
monitored can be configured at runtime via exported APIs.

This patch adds the telemetry core driver that implements basic
exported APIs.

Signed-off-by: Souvik Kumar Chakravarty <souvik.k.chakravarty@intel.com>
Signed-off-by: Darren Hart <dvhart@linux.intel.com>
8 years agointel_punit_ipc: add NULL check for input parameters
Qipeng Zha [Fri, 8 Jan 2016 10:32:27 +0000 (18:32 +0800)]
intel_punit_ipc: add NULL check for input parameters

intel_punit_ipc_command() maybe called when in or out
data pointers are NULL.

Signed-off-by: Qipeng Zha <qipeng.zha@intel.com>
Signed-off-by: Darren Hart <dvhart@linux.intel.com>
8 years agothinkpad_acpi: Add support for keyboard backlight
Pali Rohár [Wed, 30 Dec 2015 22:27:41 +0000 (23:27 +0100)]
thinkpad_acpi: Add support for keyboard backlight

This patch adds support for controlling keyboard backlight via standard
linux led class interface (::kbd_backlight). It uses ACPI HKEY device with
MLCG and MLCS methods.

Signed-off-by: Pali Rohár <pali.rohar@gmail.com>
Tested-by: Fabio D'Urso <fabiodurso@hotmail.it>
Acked-by: Henrique de Moraes Holschuh <hmh@hmh.eng.br>
Signed-off-by: Darren Hart <dvhart@linux.intel.com>
8 years agodell-wmi: Process only one event on devices with interface version 0
Pali Rohár [Mon, 4 Jan 2016 21:26:36 +0000 (22:26 +0100)]
dell-wmi: Process only one event on devices with interface version 0

BIOS/ACPI on devices with WMI interface version 0 does not clear buffer
before filling it. So next time when BIOS/ACPI send WMI event which is
smaller as previous then it contains garbage in buffer from previous event.

BIOS/ACPI on devices with WMI interface version 1 clears buffer and
sometimes send more events in buffer at one call.

Since commit 83fc44c32ad8 ("dell-wmi: Update code for processing WMI
events") dell-wmi process all events in buffer (and not just first).

To prevent reading garbage from the buffer we process only the first
event on devices with WMI interface version 0.

Signed-off-by: Pali Rohár <pali.rohar@gmail.com>
Tested-by: Gabriele Mazzotta <gabriele.mzt@gmail.com>
Signed-off-by: Darren Hart <dvhart@linux.intel.com>
8 years agodell-wmi: Check if Dell WMI descriptor structure is valid
Pali Rohár [Mon, 4 Jan 2016 21:26:35 +0000 (22:26 +0100)]
dell-wmi: Check if Dell WMI descriptor structure is valid

After examining existing DSDT ACPI tables of more laptops and looking
into Dell WMI document mentioned in ML dicussion archived at
http://www.spinics.net/lists/platform-driver-x86/msg07220.html we will
parse and check WMI descriptor if contains expected data. It is because
WMI descriptor contains interface version number and it is needed to
know in next commit.

Signed-off-by: Pali Rohár <pali.rohar@gmail.com>
Tested-by: Gabriele Mazzotta <gabriele.mzt@gmail.com>
Signed-off-by: Darren Hart <dvhart@linux.intel.com>
8 years agotc1100-wmi: fix build warning when CONFIG_PM not enabled
Colin Ian King [Wed, 6 Jan 2016 18:02:59 +0000 (18:02 +0000)]
tc1100-wmi: fix build warning when CONFIG_PM not enabled

Conditionally declare suspend_data on CONFIG_PM to avoid
the following warning when CONFIG_OM is not enabled:

drivers/platform/x86/tc1100-wmi.c:55:27: warning:
  'suspend_data' defined but not used [-Wunused-variable]

Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Darren Hart <dvhart@linux.intel.com>
8 years agoasus-wireless: Add ACPI HID ATK4001
João Paulo Rechi Vita [Tue, 5 Jan 2016 13:26:01 +0000 (08:26 -0500)]
asus-wireless: Add ACPI HID ATK4001

As reported in https://bugzilla.kernel.org/show_bug.cgi?id=98931#c22 in
the Asus UX31A the Asus Wireless Radio Control device (ASHS) uses the
HID "ATK4001".

Signed-off-by: João Paulo Rechi Vita <jprvita@endlessm.com>
Reported-by: Tasev Nikola <tasev.stefanoska@skynet.be>
Signed-off-by: Darren Hart <dvhart@linux.intel.com>
8 years agoplatform/x86: Add Asus Wireless Radio Control driver
João Paulo Rechi Vita [Tue, 5 Jan 2016 16:16:53 +0000 (11:16 -0500)]
platform/x86: Add Asus Wireless Radio Control driver

Some Asus notebooks like the Asus E202SA and the Asus X555UB have a
separate ACPI device for notifications from the airplane mode hotkey.
This device is called "Wireless Radio Control" in Asus websites and ASHS
in the DSDT, and its ACPI _HID is ATK4002 in the two models mentioned
above.

For these models, when the airplane mode hotkey (Fn+F2) is pressed, a
query 0x0B is started in the Embedded Controller, and all this query does
is a notify ASHS with the value 0x88 (for acpi_osi >= "Windows 2012"):

Scope (_SB.PCI0.SBRG.EC0)
{
(...)
Method (_Q0B, 0, NotSerialized)  // _Qxx: EC Query
{
If ((MSOS () >= OSW8))
{
Notify (ASHS, 0x88) // Device-Specific
}
Else
{
(...)
}
}
}

Signed-off-by: João Paulo Rechi Vita <jprvita@endlessm.com>
Reviewed-by: Andy Shevchenko <andy.shevchenko@gmail.com>
Signed-off-by: Darren Hart <dvhart@linux.intel.com>
8 years agoasus-wmi: drop to_platform_driver macro
Geliang Tang [Tue, 22 Dec 2015 14:16:13 +0000 (22:16 +0800)]
asus-wmi: drop to_platform_driver macro

to_platform_driver has been defined in platform_device.h, so drop
this repetitive macro in asus-wmi.c.

Signed-off-by: Geliang Tang <geliangtang@163.com>
Signed-off-by: Darren Hart <dvhart@linux.intel.com>
8 years agointel-hid: new hid event driver for hotkeys
Alex Hung [Fri, 18 Dec 2015 15:31:10 +0000 (23:31 +0800)]
intel-hid: new hid event driver for hotkeys

This driver supports various HID events including hotkeys.
Dell XPS 13 9350 requires it for the wireless hotkey.

Signed-off-by: Alex Hung <alex.hung@canonical.com>
Reviewed-and-tested-by: Andy Lutomirski <luto@kernel.org>
[dvhart: Kconfig help typo fix and INPUT_SPARSEKMAP fix from Sedat Dilek]

Signed-off-by: Darren Hart <dvhart@linux.intel.com>
8 years agoMerge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris...
Linus Torvalds [Wed, 20 Jan 2016 00:02:31 +0000 (16:02 -0800)]
Merge branch 'for-linus' of git://git./linux/kernel/git/jmorris/linux-security

Pull security subsystem update from James Morris:
 "A CVE fix and a maintainers file update"

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
  KEYS: Fix keyring ref leak in join_session_keyring()
  Fix the MAINTAINERS record for the certs/ directory

8 years agoKEYS: Fix keyring ref leak in join_session_keyring()
Yevgeny Pats [Tue, 19 Jan 2016 22:09:04 +0000 (22:09 +0000)]
KEYS: Fix keyring ref leak in join_session_keyring()

This fixes CVE-2016-0728.

If a thread is asked to join as a session keyring the keyring that's already
set as its session, we leak a keyring reference.

This can be tested with the following program:

#include <stddef.h>
#include <stdio.h>
#include <sys/types.h>
#include <keyutils.h>

int main(int argc, const char *argv[])
{
int i = 0;
key_serial_t serial;

serial = keyctl(KEYCTL_JOIN_SESSION_KEYRING,
"leaked-keyring");
if (serial < 0) {
perror("keyctl");
return -1;
}

if (keyctl(KEYCTL_SETPERM, serial,
   KEY_POS_ALL | KEY_USR_ALL) < 0) {
perror("keyctl");
return -1;
}

for (i = 0; i < 100; i++) {
serial = keyctl(KEYCTL_JOIN_SESSION_KEYRING,
"leaked-keyring");
if (serial < 0) {
perror("keyctl");
return -1;
}
}

return 0;
}

If, after the program has run, there something like the following line in
/proc/keys:

3f3d898f I--Q---   100 perm 3f3f0000     0     0 keyring   leaked-keyring: empty

with a usage count of 100 * the number of times the program has been run,
then the kernel is malfunctioning.  If leaked-keyring has zero usages or
has been garbage collected, then the problem is fixed.

Reported-by: Yevgeny Pats <yevgeny@perception-point.io>
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Don Zickus <dzickus@redhat.com>
Acked-by: Prarit Bhargava <prarit@redhat.com>
Acked-by: Jarod Wilson <jarod@redhat.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
8 years agoKeyboard backlight control for some Vaio Fit models
Mattia Dongili [Tue, 15 Dec 2015 05:12:32 +0000 (21:12 -0800)]
Keyboard backlight control for some Vaio Fit models

SVF1521P6EW, SVF1521DCXW, SVF13N1L2ES and likely most SVF*.
do not expose separate timeout controls in auto mode.

Signed-off-by: Dominik Matta <dominik@matta.sk>
Signed-off-by: Mattia Dongili <malattia@linux.it>
Signed-off-by: Darren Hart <dvhart@linux.intel.com>