Seung-Woo Kim [Tue, 17 Dec 2019 03:56:03 +0000 (12:56 +0900)]
misc: modem_if: fix array-bounds in memcpy usage
Fix array-bounds in memcpy usage by using bit size macro in size.
It is fixed as like tw3 kernel:
https://git.tizen.org/cgit/profile/wearable/platform/kernel/linux-4.9-exynos9110/tree/drivers/misc/modem_v1/modem_main.c?h=tizen
Change-Id: Ie764e76c6eedcb696113837408a9994df6996bec
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Seung-Woo Kim [Tue, 17 Dec 2019 03:50:05 +0000 (12:50 +0900)]
soc: samsung: pwrcal: fix not to calculate array size from null
Calculating array size from null causes sizeof-pointer-div warning.
Fix not to calculate array size from null by adding pll macro
without table.
Change-Id: I0b403f7c8ec15f8fdcd928d683fd61b50b8eda28
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Seung-Woo Kim [Tue, 17 Dec 2019 03:17:19 +0000 (12:17 +0900)]
net: bcmdhd: Fix sizeof-pointer-memaccess in memcpy usage
There is sizeof-pointer-memaccess warning in memcpy usage because
source size is used. Fix it by using destination size explcitly.
Change-Id: I2d627ea9bac1e5445cd6e0ae78166c75f5ffd711
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Seung-Woo Kim [Tue, 17 Dec 2019 03:11:29 +0000 (12:11 +0900)]
net: bcmdhd: Fix string concatenate with strncat()
There is stringop-overflow warning to use strncat and bound check
for buffer size for the string is already done. Fix string
concatenate with strncat() by replacing with strcat().
Change-Id: I94a75bab9a4e62da4b8796cf3ae223ce8f1f715a
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Kees Cook [Tue, 6 Jun 2017 04:52:30 +0000 (21:52 -0700)]
arm64, vdso: Define vdso_{start,end} as array
Adjust vdso_{start|end} to be char arrays to avoid compile-time analysis
that flags "too large" memcmp() calls with CONFIG_FORTIFY_SOURCE.
Cc: Jisheng Zhang <jszhang@marvell.com>
Acked-by: Catalin Marinas <catalin.marinas@arm.com>
Suggested-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Will Deacon <will.deacon@arm.com>
[sw0312.kim: backport mainline commit
dbbb08f500d6 for gcc 9 build]
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Change-Id: I7ef86193bc381f327a53da8a4ddbe3e282b1c07d
Arnd Bergmann [Thu, 14 Dec 2017 23:32:41 +0000 (15:32 -0800)]
exec: avoid gcc-8 warning for get_task_comm
commit
3756f6401c302617c5e091081ca4d26ab604bec5 upstream.
gcc-8 warns about using strncpy() with the source size as the limit:
fs/exec.c:1223:32: error: argument to 'sizeof' in 'strncpy' call is the same expression as the source; did you mean to use the size of the destination? [-Werror=sizeof-pointer-memaccess]
This is indeed slightly suspicious, as it protects us from source
arguments without NUL-termination, but does not guarantee that the
destination is terminated.
This keeps the strncpy() to ensure we have properly padded target
buffer, but ensures that we use the correct length, by passing the
actual length of the destination buffer as well as adding a build-time
check to ensure it is exactly TASK_COMM_LEN.
There are only 23 callsites which I all reviewed to ensure this is
currently the case. We could get away with doing only the check or
passing the right length, but it doesn't hurt to do both.
Link: http://lkml.kernel.org/r/20171205151724.1764896-1-arnd@arndb.de
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Suggested-by: Kees Cook <keescook@chromium.org>
Acked-by: Kees Cook <keescook@chromium.org>
Acked-by: Ingo Molnar <mingo@kernel.org>
Cc: Alexander Viro <viro@zeniv.linux.org.uk>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Serge Hallyn <serge@hallyn.com>
Cc: James Morris <james.l.morris@oracle.com>
Cc: Aleksa Sarai <asarai@suse.de>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: Frederic Weisbecker <frederic@kernel.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[sw0312.kim: cherry-pick stable linux-3.18.y commit
8b0673c3f698 for gcc 9 build]
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Change-Id: I45c39936e1ae9ba78ed70165c687276ffd4f9cf3
Xiongfeng Wang [Thu, 11 Jan 2018 09:22:29 +0000 (17:22 +0800)]
Kbuild: suppress packed-not-aligned warning for default setting only
commit
321cb0308a9e76841394b4bbab6a1107cfedbae0 upstream.
gcc-8 reports many -Wpacked-not-aligned warnings. The below are some
examples.
./include/linux/ceph/msgr.h:67:1: warning: alignment 1 of 'struct
ceph_entity_addr' is less than 8 [-Wpacked-not-aligned]
} __attribute__ ((packed));
./include/linux/ceph/msgr.h:67:1: warning: alignment 1 of 'struct
ceph_entity_addr' is less than 8 [-Wpacked-not-aligned]
} __attribute__ ((packed));
./include/linux/ceph/msgr.h:67:1: warning: alignment 1 of 'struct
ceph_entity_addr' is less than 8 [-Wpacked-not-aligned]
} __attribute__ ((packed));
This patch suppresses this kind of warnings for default setting.
Signed-off-by: Xiongfeng Wang <xiongfeng.wang@linaro.org>
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[sw0312.kim: cherry-pick stable linux-3.18.y commit
7b1fe42a5e15 for gcc 9 build]
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Change-Id: Id1e9b809a6b71bfca34221617e3fed3e2a379abc
Stephen Rothwell [Thu, 30 Aug 2018 21:47:28 +0000 (07:47 +1000)]
disable stringop truncation warnings for now
commit
217c3e0196758662aa0429863b09d1c13da1c5d6 upstream.
They are too noisy
Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[sw0312.kim: cherry-pick stable linux-3.18.y commit
de050e1a28fe for gcc 9 build]
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Change-Id: I8b734501ad0e49aebb30feb3c066f6b16b435465
Nathan Chancellor [Sat, 2 Jun 2018 16:02:09 +0000 (09:02 -0700)]
kconfig: Avoid format overflow warning from GCC 8.1
commit
2ae89c7a82ea9d81a19b4fc2df23bef4b112f24e upstream.
In file included from scripts/kconfig/zconf.tab.c:2485:
scripts/kconfig/confdata.c: In function ‘conf_write’:
scripts/kconfig/confdata.c:773:22: warning: ‘%s’ directive writing likely 7 or more bytes into a region of size between 1 and 4097 [-Wformat-overflow=]
sprintf(newname, "%s%s", dirname, basename);
^~
scripts/kconfig/confdata.c:773:19: note: assuming directive output of 7 bytes
sprintf(newname, "%s%s", dirname, basename);
^~~~~~
scripts/kconfig/confdata.c:773:2: note: ‘sprintf’ output 1 or more bytes (assuming 4104) into a destination of size 4097
sprintf(newname, "%s%s", dirname, basename);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
scripts/kconfig/confdata.c:776:23: warning: ‘.tmpconfig.’ directive writing 11 bytes into a region of size between 1 and 4097 [-Wformat-overflow=]
sprintf(tmpname, "%s.tmpconfig.%d", dirname, (int)getpid());
^~~~~~~~~~~
scripts/kconfig/confdata.c:776:3: note: ‘sprintf’ output between 13 and 4119 bytes into a destination of size 4097
sprintf(tmpname, "%s.tmpconfig.%d", dirname, (int)getpid());
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Increase the size of tmpname and newname to make GCC happy.
Cc: stable@vger.kernel.org
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[sw0312.kim: cherry-pick stable linux-3.18.y commit
1eb9d79208d9 for gcc 9 build]
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Change-Id: I985a9df8a2e73f0e2d2e847455cbea37a6fd1581
Arnd Bergmann [Thu, 26 Jul 2018 08:13:22 +0000 (10:13 +0200)]
turn off -Wattribute-alias
Starting with gcc-8.1, we get a warning about all system call definitions,
which use an alias between functions with incompatible prototypes, e.g.:
In file included from ../mm/process_vm_access.c:19:
../include/linux/syscalls.h:211:18: warning: 'sys_process_vm_readv' alias between functions of incompatible types 'long int(pid_t, const struct iovec *, long unsigned int, const struct iovec *, long unsigned int, long unsigned int)' {aka 'long int(int, const struct iovec *, long unsigned int, const struct iovec *, long unsigned int, long unsigned int)'} and 'long int(long int, long int, long int, long int, long int, long int)' [-Wattribute-alias]
asmlinkage long sys##name(__MAP(x,__SC_DECL,__VA_ARGS__)) \
^~~
../include/linux/syscalls.h:207:2: note: in expansion of macro '__SYSCALL_DEFINEx'
__SYSCALL_DEFINEx(x, sname, __VA_ARGS__)
^~~~~~~~~~~~~~~~~
../include/linux/syscalls.h:201:36: note: in expansion of macro 'SYSCALL_DEFINEx'
#define SYSCALL_DEFINE6(name, ...) SYSCALL_DEFINEx(6, _##name, __VA_ARGS__)
^~~~~~~~~~~~~~~
../mm/process_vm_access.c:300:1: note: in expansion of macro 'SYSCALL_DEFINE6'
SYSCALL_DEFINE6(process_vm_readv, pid_t, pid, const struct iovec __user *, lvec,
^~~~~~~~~~~~~~~
../include/linux/syscalls.h:215:18: note: aliased declaration here
asmlinkage long SyS##name(__MAP(x,__SC_LONG,__VA_ARGS__)) \
^~~
../include/linux/syscalls.h:207:2: note: in expansion of macro '__SYSCALL_DEFINEx'
__SYSCALL_DEFINEx(x, sname, __VA_ARGS__)
^~~~~~~~~~~~~~~~~
../include/linux/syscalls.h:201:36: note: in expansion of macro 'SYSCALL_DEFINEx'
#define SYSCALL_DEFINE6(name, ...) SYSCALL_DEFINEx(6, _##name, __VA_ARGS__)
^~~~~~~~~~~~~~~
../mm/process_vm_access.c:300:1: note: in expansion of macro 'SYSCALL_DEFINE6'
SYSCALL_DEFINE6(process_vm_readv, pid_t, pid, const struct iovec __user *, lvec,
This is really noisy and does not indicate a real problem. In the latest
mainline kernel, this was addressed by commit
bee20031772a ("disable
-Wattribute-alias warning for SYSCALL_DEFINEx()"), which seems too invasive
to backport.
This takes a much simpler approach and just disables the warning across the
kernel.
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[sw0312.kim: cherry-pick stable linux-3.18.y commit
430c3fdb11ec for gcc 9 build]
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Change-Id: I18d0920c376b6c98533703611b4baa46e2c3756a
Ard Biesheuvel [Thu, 2 Feb 2017 18:05:26 +0000 (18:05 +0000)]
log2: make order_base_2() behave correctly on const input value zero
commit
29905b52fad0854351f57bab867647e4982285bf upstream.
The function order_base_2() is defined (according to the comment block)
as returning zero on input zero, but subsequently passes the input into
roundup_pow_of_two(), which is explicitly undefined for input zero.
This has gone unnoticed until now, but optimization passes in GCC 7 may
produce constant folded function instances where a constant value of
zero is passed into order_base_2(), resulting in link errors against the
deliberately undefined '____ilog2_NaN'.
So update order_base_2() to adhere to its own documented interface.
[ See
http://marc.info/?l=linux-kernel&m=
147672952517795&w=2
and follow-up discussion for more background. The gcc "optimization
pass" is really just broken, but now the GCC trunk problem seems to
have escaped out of just specially built daily images, so we need to
work around it in mainline. - Linus ]
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[sw0312.kim: cherry-pick stable linux-3.18.y commit
9fc9f9a8df55 for gcc 9 build]
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Change-Id: I0e7956187e41545bbe9ece88dedef91436c876e9
Linus Torvalds [Thu, 2 Mar 2017 20:17:22 +0000 (12:17 -0800)]
give up on gcc ilog2() constant optimizations
commit
474c90156c8dcc2fa815e6716cc9394d7930cb9c upstream.
gcc-7 has an "optimization" pass that completely screws up, and
generates the code expansion for the (impossible) case of calling
ilog2() with a zero constant, even when the code gcc compiles does not
actually have a zero constant.
And we try to generate a compile-time error for anybody doing ilog2() on
a constant where that doesn't make sense (be it zero or negative). So
now gcc7 will fail the build due to our sanity checking, because it
created that constant-zero case that didn't actually exist in the source
code.
There's a whole long discussion on the kernel mailing about how to work
around this gcc bug. The gcc people themselevs have discussed their
"feature" in
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=72785
but it's all water under the bridge, because while it looked at one
point like it would be solved by the time gcc7 was released, that was
not to be.
So now we have to deal with this compiler braindamage.
And the only simple approach seems to be to just delete the code that
tries to warn about bad uses of ilog2().
So now "ilog2()" will just return 0 not just for the value 1, but for
any non-positive value too.
It's not like I can recall anybody having ever actually tried to use
this function on any invalid value, but maybe the sanity check just
meant that such code never made it out in public.
Reported-by: Laura Abbott <labbott@redhat.com>
Cc: John Stultz <john.stultz@linaro.org>,
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[sw0312.kim: cherry-pick stable linux-3.18.y commit
2143e71aafc6 for gcc 9 build]
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Change-Id: I76aba1186921a6771099bdb94bb5917d13383707
Seung-Woo Kim [Tue, 19 Nov 2019 01:21:01 +0000 (10:21 +0900)]
[LOCAL] arm64/ptrace: Add compat FPR register support
From aarch32 ptrace view, fpr register support is done with vfp
registers. As like aarch32 ptrace view, Add to suppot compat fpr
resister with vfp.
Change-Id: Iac60d4fe53182b901b3cc7956695fced00018487
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Dave Martin [Wed, 18 Jan 2017 16:25:22 +0000 (16:25 +0000)]
arm64/ptrace: Preserve previous registers for short regset write - 3
commit
a672401c00f82e4e19704aff361d9bad18003714 upstream.
Ensure that if userspace supplies insufficient data to
PTRACE_SETREGSET to fill all the registers, the thread's old
registers are preserved.
Fixes:
5d220ff9420f ("arm64: Better native ptrace support for compat tasks")
Signed-off-by: Dave Martin <Dave.Martin@arm.com>
Acked-by: Will Deacon <Will.Deacon@arm.com>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[sw0312.kim: backport linux-4.9.y stable commit for better compat ptrace]
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Change-Id: Iecc750ebece962708c77457c790b1ecdac69dee9
Dave Martin [Wed, 18 Jan 2017 16:25:21 +0000 (16:25 +0000)]
arm64/ptrace: Preserve previous registers for short regset write - 2
commit
9dd73f72f218320c6c90da5f834996e7360dc227 upstream.
Ensure that if userspace supplies insufficient data to
PTRACE_SETREGSET to fill all the registers, the thread's old
registers are preserved.
Fixes:
766a85d7bc5d ("arm64: ptrace: add NT_ARM_SYSTEM_CALL regset")
Signed-off-by: Dave Martin <Dave.Martin@arm.com>
Acked-by: Will Deacon <Will.Deacon@arm.com>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[sw0312.kim: backport linux-4.9.y stable commit for better compat ptrace]
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Change-Id: Ibc586abfaf04a3466cdb093f1f76962c8071f797
Dave Martin [Wed, 18 Jan 2017 16:25:20 +0000 (16:25 +0000)]
arm64/ptrace: Preserve previous registers for short regset write
commit
9a17b876b573441bfb3387ad55d98bf7184daf9d upstream.
Ensure that if userspace supplies insufficient data to
PTRACE_SETREGSET to fill all the registers, the thread's old
registers are preserved.
Fixes:
478fcb2cdb23 ("arm64: Debugging support")
Signed-off-by: Dave Martin <Dave.Martin@arm.com>
Acked-by: Will Deacon <Will.Deacon@arm.com>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[sw0312.kim: backport linux-4.9.y stable commit for better compat ptrace]
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Change-Id: I1de80715bf95f909290dd04546d8cd6eb2413598
Catalin Marinas [Tue, 14 Jul 2015 15:20:17 +0000 (16:20 +0100)]
arm64: Better native ptrace support for compat tasks
The compat ptrace interface allows access to the TLS register, hardware
breakpoints and watchpoints, syscall number. However, a native task
using the native ptrace interface to debug compat tasks (e.g. multi-arch
gdb) only has access to the general and VFP register sets. The compat
ptrace interface cannot be accessed from a native task.
This patch adds a new user_aarch32_ptrace_view which contains the TLS,
hardware breakpoint/watchpoint and syscall number regsets in addition to
the existing GPR and VFP regsets. This view is backwards compatible with
the previous kernels. Core dumping of 32-bit tasks and compat ptrace are
not affected since the original user_aarch32_view is preserved.
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Reported-by: Yao Qi <yao.qi@arm.com>
Cc: Will Deacon <will.deacon@arm.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
[sw0312.kim: backport mainline commit
5d220ff9420f for better compat ptrace]
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Change-Id: If027981a787610a0fa01389280f5d63e0c0c8e80
Seung-Woo Kim [Wed, 11 Dec 2019 00:57:56 +0000 (09:57 +0900)]
[LOCAL] arm64: perf: Report arm pc registers for compat perf
If perf is built as arm 32-bit, it only reads 15 registers as arm
32-bit register map and this breaks dwarf call-chain in compat
perf because pc register information is not filled.
Report arm pc registers for 32-bit compat perf.
Without this, arm 32-bit perf dwarf call-graph shows below
verbose message:
unwind: reg 15, val 0
unwind: reg 13, val
ffbc6360
unwind: no map for 0
Posted to mainline[1] but never merged.
[1]: https://patchwork.kernel.org/patch/
11238463/
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Change-Id: I84edf124ba4443d70654242bca6f23e9242546cb
Seung-Woo Kim [Wed, 31 Jul 2019 06:55:16 +0000 (15:55 +0900)]
arm64: tizen_tw2_defconfig: MATCH_OWNER xtables
Enable the NETFILTER_XT_MATCH_OWNER config option to use xt_owner
supplementary groups.
Change-Id: I7c898c49c15d5c61e235920a218ebe12b1375ed0
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Lukasz Pawelczyk [Mon, 29 Jul 2019 11:43:12 +0000 (13:43 +0200)]
netfilter: xt_owner: A fix for backport of 'xt_owner: Add supplementary groups option'
This patch fixes the backport of 'netfilter: xt_owner: Add
supplementary groups option' (
69a070c54920).
Change-Id: Id8f415cd3e15a21a64bc767131f3890594e06572
Signed-off-by: Lukasz Pawelczyk <l.pawelczyk@samsung.com>
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Seung-Woo Kim [Thu, 4 Jul 2019 07:43:42 +0000 (16:43 +0900)]
Revert "Revert "exec: Ensure mm->user_ns contains the execed files""
This reverts commit
bbfdec4e6db8c7d95cb5a370f393ad872bbd608a.
The last backport calls improperly would_dump() after calling
exec_binprm() and it causes NULL pointer deference. Fix the issue
by moving would_dump() to proper position.
Change-Id: Ia957cda5d4126675ea18fc095e273f43d2f5dcd5
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Pablo Neira Ayuso [Fri, 7 Jun 2019 14:37:30 +0000 (16:37 +0200)]
netfilter: xt_owner: bail out with EINVAL in case of unsupported flags
Reject flags that are not supported with EINVAL.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
[sw0312.kim: backport from mainline to apply supplementary groups on netfilter]
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Change-Id: I2ab809e6b7e3823e3fd3af053348dac9af009cca
Lukasz Pawelczyk [Fri, 10 May 2019 11:46:22 +0000 (13:46 +0200)]
netfilter: xt_owner: Add supplementary groups option
The XT_OWNER_SUPPL_GROUPS flag causes GIDs specified with XT_OWNER_GID
to be also checked in the supplementary groups of a process.
f_cred->group_info cannot be modified during its lifetime and f_cred
holds a reference to it so it's safe to use.
Signed-off-by: Lukasz Pawelczyk <l.pawelczyk@samsung.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
[sw0312.kim: backport from mainline to apply supplementary groups on netfilter]
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Change-Id: I7b56e3ca91f0632cb995cc1039a46a06717c77f3
Seung-Woo Kim [Thu, 21 Mar 2019 01:22:37 +0000 (10:22 +0900)]
Revert "exec: Ensure mm->user_ns contains the execed files"
This reverts commit
92c624bbcc160397fcd6127cdbece1f0f20a2b97.
It was backported for fixing smack deny issue for user process
exec from kthread, but this series causes unexpected NULL pointer
deference as like following so rervert:
Unable to handle kernel NULL pointer dereference at virtual address
000002e8
pgd =
ffffffc0127b6000
[
000002e8] *pgd=
00000000527b7003, *pud=
00000000527b7003, *pmd=
0800000049c67003, *pte=
0000000000000000
------------[ cut here ]------------
Kernel BUG at
ffffffc00018b4e4 [verbose debug info unavailable]
Internal error: Oops - BUG:
96000007 [#1] PREEMPT SMP
[...]
PC is at would_dump+0x3c/0x9c
LR is at would_dump+0x28/0x9c
[...]
Call trace:
[<
ffffffc00018b4e4>] would_dump+0x3c/0x9c
[<
ffffffc00018cd44>] do_execve_common.isra.15+0x4c8/0x568
[<
ffffffc00018d038>] compat_SyS_execve+0x28/0x3c
Code:
b940daa0 32000000 b900daa0 f9404aa0 (
f9417416)
---[ end trace
ddbe8141f552b6aa ]---
Change-Id: Ic520eb2a9936ff55e8551ef2af90b9986a3f1aba
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Seung-Woo Kim [Wed, 27 Feb 2019 01:42:30 +0000 (10:42 +0900)]
input: tizen_detent: apply open/close to support enabled sysfs node
To support input device enabled sysfs node functionality, apply
open/close operation as like TW3.
NOTE: the operation code is from drivers/input/misc/tizen_bezel.c
of profile/wearable/platform/kernel/linux-4.9-exynos9110 git tree.
Change-Id: I92e95658677556185626bd2ebf6014ef00b1dafb
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Eric W. Biederman [Thu, 17 Nov 2016 04:06:51 +0000 (22:06 -0600)]
exec: Ensure mm->user_ns contains the execed files
commit
f84df2a6f268de584a201e8911384a2d244876e3 upstream.
When the user namespace support was merged the need to prevent
ptrace from revealing the contents of an unreadable executable
was overlooked.
Correct this oversight by ensuring that the executed file
or files are in mm->user_ns, by adjusting mm->user_ns.
Use the new function privileged_wrt_inode_uidgid to see if
the executable is a member of the user namespace, and as such
if having CAP_SYS_PTRACE in the user namespace should allow
tracing the executable. If not update mm->user_ns to
the parent user namespace until an appropriate parent is found.
Reported-by: Jann Horn <jann@thejh.net>
Fixes:
9e4a36ece652 ("userns: Fail exec for suid and sgid binaries with ids outside our user namespace.")
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[sw0312.kim: backport linux-4.4.y commit
b35f34f66943 to resolve smack permission deny issue in cgroup_release_agent kthread]
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Change-Id: Iafbc32f9c5cc7f4c963876bd30a65be87646b207
Eric W. Biederman [Fri, 14 Oct 2016 02:23:16 +0000 (21:23 -0500)]
mm: Add a user_ns owner to mm_struct and fix ptrace permission checks
commit
bfedb589252c01fa505ac9f6f2a3d5d68d707ef4 upstream.
During exec dumpable is cleared if the file that is being executed is
not readable by the user executing the file. A bug in
ptrace_may_access allows reading the file if the executable happens to
enter into a subordinate user namespace (aka clone(CLONE_NEWUSER),
unshare(CLONE_NEWUSER), or setns(fd, CLONE_NEWUSER).
This problem is fixed with only necessary userspace breakage by adding
a user namespace owner to mm_struct, captured at the time of exec, so
it is clear in which user namespace CAP_SYS_PTRACE must be present in
to be able to safely give read permission to the executable.
The function ptrace_may_access is modified to verify that the ptracer
has CAP_SYS_ADMIN in task->mm->user_ns instead of task->cred->user_ns.
This ensures that if the task changes it's cred into a subordinate
user namespace it does not become ptraceable.
The function ptrace_attach is modified to only set PT_PTRACE_CAP when
CAP_SYS_PTRACE is held over task->mm->user_ns. The intent of
PT_PTRACE_CAP is to be a flag to note that whatever permission changes
the task might go through the tracer has sufficient permissions for
it not to be an issue. task->cred->user_ns is always the same
as or descendent of mm->user_ns. Which guarantees that having
CAP_SYS_PTRACE over mm->user_ns is the worst case for the tasks
credentials.
To prevent regressions mm->dumpable and mm->user_ns are not considered
when a task has no mm. As simply failing ptrace_may_attach causes
regressions in privileged applications attempting to read things
such as /proc/<pid>/stat
Acked-by: Kees Cook <keescook@chromium.org>
Tested-by: Cyrill Gorcunov <gorcunov@openvz.org>
Fixes:
8409cca70561 ("userns: allow ptrace from non-init user namespaces")
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
[bwh: Backported to 3.16: adjust context]
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
[sw0312.kim: backport linux-4.4.y commit
d5b3e840dbf6 to apply user_ns exec patch]
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Change-Id: I3f7d4629e6ae64e5077faec2357ca55914f4ad1c
Jann Horn [Wed, 20 Jan 2016 23:00:04 +0000 (15:00 -0800)]
ptrace: use fsuid, fsgid, effective creds for fs access checks
[ Upstream commit
caaee6234d05a58c5b4d05e7bf766131b810a657 ]
By checking the effective credentials instead of the real UID / permitted
capabilities, ensure that the calling process actually intended to use its
credentials.
To ensure that all ptrace checks use the correct caller credentials (e.g.
in case out-of-tree code or newly added code omits the PTRACE_MODE_*CREDS
flag), use two new flags and require one of them to be set.
The problem was that when a privileged task had temporarily dropped its
privileges, e.g. by calling setreuid(0, user_uid), with the intent to
perform following syscalls with the credentials of a user, it still passed
ptrace access checks that the user would not be able to pass.
While an attacker should not be able to convince the privileged task to
perform a ptrace() syscall, this is a problem because the ptrace access
check is reused for things in procfs.
In particular, the following somewhat interesting procfs entries only rely
on ptrace access checks:
/proc/$pid/stat - uses the check for determining whether pointers
should be visible, useful for bypassing ASLR
/proc/$pid/maps - also useful for bypassing ASLR
/proc/$pid/cwd - useful for gaining access to restricted
directories that contain files with lax permissions, e.g. in
this scenario:
lrwxrwxrwx root root /proc/13020/cwd -> /root/foobar
drwx------ root root /root
drwxr-xr-x root root /root/foobar
-rw-r--r-- root root /root/foobar/secret
Therefore, on a system where a root-owned mode 6755 binary changes its
effective credentials as described and then dumps a user-specified file,
this could be used by an attacker to reveal the memory layout of root's
processes or reveal the contents of files he is not allowed to access
(through /proc/$pid/cwd).
[akpm@linux-foundation.org: fix warning]
Signed-off-by: Jann Horn <jann@thejh.net>
Acked-by: Kees Cook <keescook@chromium.org>
Cc: Casey Schaufler <casey@schaufler-ca.com>
Cc: Oleg Nesterov <oleg@redhat.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: James Morris <james.l.morris@oracle.com>
Cc: "Serge E. Hallyn" <serge.hallyn@ubuntu.com>
Cc: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: Willy Tarreau <w@1wt.eu>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
[sw0312.kim: checrry-pick from linux-3.18.y to apply user_ns commit]
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Change-Id: I4a8db28296c2e18eac9a40e2ebeb65db0c60e342
Seung-Woo Kim [Thu, 13 Sep 2018 07:09:04 +0000 (16:09 +0900)]
drm/tgm: tdm_pp: fix not to call sync fence without fence/dma_buf
When without fence or dma_buf, tdm_pp tries to call sync fence and
it causes null deference or not necessary error message. Fix not
to call sync fence without fence or dma_buf.
Change-Id: Ifb6f460a4bd3470c2a692f8b9b5d526a263f1e68
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Seung-Woo Kim [Thu, 6 Sep 2018 02:00:16 +0000 (11:00 +0900)]
net: bcmdhd: remove gcc 7 build warnings
Remove following gcc 7 build warnings:
drivers/net/wireless/bcmdhd/dhd_common.c: In function ‘dhd_pktfilter_offload_set’:
drivers/net/wireless/bcmdhd/dhd_common.c:3015:16: error: comparison between pointer and zero character constant [-Werror=pointer-compare]
if (argv[i] == '\0') {
^~
drivers/net/wireless/bcmdhd/dhd_common.c:3015:8: note: did you mean to dereference the pointer?
if (argv[i] == '\0') {
^
drivers/net/wireless/bcmdhd/dhd_rtt.c: In function ‘dhd_rtt_init’:
drivers/net/wireless/bcmdhd/dhd_rtt.c:983:56: error: ‘subcmd_info.version’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
*out_version = (ret == BCME_OK) ? subcmd_info.version : 0;
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~
drivers/net/wireless/bcmdhd/dhd_rtt.c:977:20: note: ‘subcmd_info.version’ was declared here
ftm_subcmd_info_t subcmd_info;
^~~~~~~~~~~
Change-Id: I5990eaba2272ecb9633bb0058668eb426fc99d2e
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Seung-Woo Kim [Thu, 6 Sep 2018 01:06:07 +0000 (10:06 +0900)]
misc: modem_if: remove duplicated const declaration specifier
Remove duplicated const declaration specifier to remove build
warning with gcc7.
Change-Id: I8c2e45946685b4fe465951e66b075e7cb18a1fef
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Linus Torvalds [Thu, 13 Jul 2017 02:25:47 +0000 (19:25 -0700)]
disable new gcc-7.1.1 warnings for now
commit
bd664f6b3e376a8ef4990f87d08271cc2d01ba9a upstream.
I made the mistake of upgrading my desktop to the new Fedora 26 that
comes with gcc-7.1.1.
There's nothing wrong per se that I've noticed, but I now have 1500
lines of warnings, mostly from the new format-truncation warning
triggering all over the tree.
We use 'snprintf()' and friends in a lot of places, and often know that
the numbers are fairly small (ie a controller index or similar), but gcc
doesn't know that, and sees an 'int', and thinks that it could be some
huge number. And then complains when our buffers are not able to fit
the name for the ten millionth controller.
These warnings aren't necessarily bad per se, and we probably want to
look through them subsystem by subsystem, but at least during the merge
window they just mean that I can't even see if somebody is introducing
any *real* problems when I pull.
So warnings disabled for now.
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[sw0312.kim: cherry-pick from linux-3.18.y to fix build warning with gcc 7]
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Change-Id: I6f56bc8428b5c5f117d9ec8a59af303f9f1ce97d
injun.yang [Mon, 21 May 2018 08:32:16 +0000 (17:32 +0900)]
Bluetooth: Report RPA changed event
When RPA changed, The updated RPA is not applied on
VSC advertising. This patchset generates new event
and resolves the problem.
Change-Id: Icc3dd74da0449cb8e456c27bc34995f43326efe1
Signed-off-by: injun.yang <injun.yang@samsung.com>
Signed-off-by: DoHyun Pyun <dh79.pyun@samsung.com>
Mauro Carvalho Chehab [Wed, 28 Mar 2018 17:59:22 +0000 (13:59 -0400)]
media: v4l2-compat-ioctl32: don't oops on overlay
commit
85ea29f19eab56ec16ec6b92bc67305998706afa upstream.
At put_v4l2_window32(), it tries to access kp->clips. However,
kp points to an userspace pointer. So, it should be obtained
via get_user(), otherwise it can OOPS:
vivid-000: ================== END STATUS ==================
BUG: unable to handle kernel paging request at
00000000fffb18e0
IP: [<
ffffffffc05468d9>] __put_v4l2_format32+0x169/0x220 [videodev]
PGD
3f5776067 PUD
3f576f067 PMD
3f5769067 PTE
800000042548f067
Oops: 0001 [#1] SMP
Modules linked in: vivid videobuf2_vmalloc videobuf2_memops v4l2_dv_timings videobuf2_core v4l2_common videodev media xt_CHECKSUM iptable_mangle ipt_MASQUERADE nf_nat_masquerade_ipv4 iptable_nat nf_nat_ipv4 nf_nat nf_conntrack_ipv4 nf_defrag_ipv4 xt_conntrack nf_conntrack tun bridge stp llc ebtable_filter ebtables ip6table_filter ip6_tables bluetooth rfkill binfmt_misc snd_hda_codec_hdmi i915 snd_hda_intel snd_hda_controller snd_hda_codec intel_rapl x86_pkg_temp_thermal snd_hwdep intel_powerclamp snd_pcm coretemp snd_seq_midi kvm_intel kvm snd_seq_midi_event snd_rawmidi i2c_algo_bit drm_kms_helper snd_seq drm crct10dif_pclmul e1000e snd_seq_device crc32_pclmul snd_timer ghash_clmulni_intel snd mei_me mei ptp pps_core soundcore lpc_ich video crc32c_intel [last unloaded: media]
CPU: 2 PID: 28332 Comm: v4l2-compliance Not tainted 3.18.102+ #107
Hardware name: /NUC5i7RYB, BIOS RYBDWi35.86A.0364.2017.0511.0949 05/11/2017
task:
ffff8804293f8000 ti:
ffff8803f5640000 task.ti:
ffff8803f5640000
RIP: 0010:[<
ffffffffc05468d9>] [<
ffffffffc05468d9>] __put_v4l2_format32+0x169/0x220 [videodev]
RSP: 0018:
ffff8803f5643e28 EFLAGS:
00010246
RAX:
0000000000000000 RBX:
0000000000000000 RCX:
00000000fffb1ab4
RDX:
00000000fffb1a68 RSI:
00000000fffb18d8 RDI:
00000000fffb1aa8
RBP:
ffff8803f5643e48 R08:
0000000000000001 R09:
ffff8803f54b0378
R10:
0000000000000000 R11:
0000000000000168 R12:
00000000fffb18c0
R13:
00000000fffb1a94 R14:
00000000fffb18c8 R15:
0000000000000000
FS:
0000000000000000(0000) GS:
ffff880456d00000(0063) knlGS:
00000000f7100980
CS: 0010 DS: 002b ES: 002b CR0:
0000000080050033
CR2:
00000000fffb18e0 CR3:
00000003f552b000 CR4:
00000000003407e0
Stack:
00000000fffb1a94 00000000c0cc5640 0000000000000056 ffff8804274f3600
ffff8803f5643ed0 ffffffffc0547e16 0000000000000003 ffff8803f5643eb0
ffffffff81301460 ffff88009db44b01 ffff880441942520 ffff8800c0d05640
Call Trace:
[<
ffffffffc0547e16>] v4l2_compat_ioctl32+0x12d6/0x1b1d [videodev]
[<
ffffffff81301460>] ? file_has_perm+0x70/0xc0
[<
ffffffff81252a2c>] compat_SyS_ioctl+0xec/0x1200
[<
ffffffff8173241a>] sysenter_dispatch+0x7/0x21
Code: 00 00 48 8b 80 48 c0 ff ff 48 83 e8 38 49 39 c6 0f 87 2b ff ff ff 49 8d 45 1c e8 a3 ce e3 c0 85 c0 0f 85 1a ff ff ff 41 8d 40 ff <4d> 8b 64 24 20 41 89 d5 48 8d 44 40 03 4d 8d 34 c4 eb 15 0f 1f
RIP [<
ffffffffc05468d9>] __put_v4l2_format32+0x169/0x220 [videodev]
RSP <
ffff8803f5643e28>
CR2:
00000000fffb18e0
Tested with vivid driver on Kernel v3.18.102.
Same bug happens upstream too:
BUG: KASAN: user-memory-access in __put_v4l2_format32+0x98/0x4d0 [videodev]
Read of size 8 at addr
00000000ffe48400 by task v4l2-compliance/8713
CPU: 0 PID: 8713 Comm: v4l2-compliance Not tainted 4.16.0-rc4+ #108
Hardware name: /NUC5i7RYB, BIOS RYBDWi35.86A.0364.2017.0511.0949 05/11/2017
Call Trace:
dump_stack+0x5c/0x7c
kasan_report+0x164/0x380
? __put_v4l2_format32+0x98/0x4d0 [videodev]
__put_v4l2_format32+0x98/0x4d0 [videodev]
v4l2_compat_ioctl32+0x1aec/0x27a0 [videodev]
? __fsnotify_inode_delete+0x20/0x20
? __put_v4l2_format32+0x4d0/0x4d0 [videodev]
compat_SyS_ioctl+0x646/0x14d0
? do_ioctl+0x30/0x30
do_fast_syscall_32+0x191/0x3f4
entry_SYSENTER_compat+0x6b/0x7a
==================================================================
Disabling lock debugging due to kernel taint
BUG: unable to handle kernel paging request at
00000000ffe48400
IP: __put_v4l2_format32+0x98/0x4d0 [videodev]
PGD
3a22fb067 P4D
3a22fb067 PUD
39b6f0067 PMD
39b6f1067 PTE
80000003256af067
Oops: 0001 [#1] SMP KASAN
Modules linked in: vivid videobuf2_vmalloc videobuf2_dma_contig videobuf2_memops v4l2_tpg v4l2_dv_timings videobuf2_v4l2 videobuf2_common v4l2_common videodev xt_CHECKSUM iptable_mangle ipt_MASQUERADE nf_nat_masquerade_ipv4 iptable_nat nf_nat_ipv4 nf_nat nf_conntrack_ipv4 nf_defrag_ipv4 xt_conntrack nf_conntrack libcrc32c tun bridge stp llc ebtable_filter ebtables ip6table_filter ip6_tables bluetooth rfkill ecdh_generic binfmt_misc snd_hda_codec_hdmi intel_rapl x86_pkg_temp_thermal intel_powerclamp i915 coretemp snd_hda_intel snd_hda_codec kvm_intel snd_hwdep snd_hda_core kvm snd_pcm irqbypass crct10dif_pclmul crc32_pclmul snd_seq_midi ghash_clmulni_intel snd_seq_midi_event i2c_algo_bit intel_cstate snd_rawmidi intel_uncore snd_seq drm_kms_helper e1000e snd_seq_device snd_timer intel_rapl_perf
drm ptp snd mei_me mei lpc_ich pps_core soundcore video crc32c_intel
CPU: 0 PID: 8713 Comm: v4l2-compliance Tainted: G B 4.16.0-rc4+ #108
Hardware name: /NUC5i7RYB, BIOS RYBDWi35.86A.0364.2017.0511.0949 05/11/2017
RIP: 0010:__put_v4l2_format32+0x98/0x4d0 [videodev]
RSP: 0018:
ffff8803b9be7d30 EFLAGS:
00010282
RAX:
0000000000000000 RBX:
ffff8803ac983e80 RCX:
ffffffff8cd929f2
RDX:
1ffffffff1d0a149 RSI:
0000000000000297 RDI:
0000000000000297
RBP:
00000000ffe485c0 R08:
fffffbfff1cf5123 R09:
ffffffff8e7a8948
R10:
0000000000000001 R11:
fffffbfff1cf5122 R12:
00000000ffe483e0
R13:
00000000ffe485c4 R14:
ffff8803ac985918 R15:
00000000ffe483e8
FS:
0000000000000000(0000) GS:
ffff880407400000(0063) knlGS:
00000000f7a46980
CS: 0010 DS: 002b ES: 002b CR0:
0000000080050033
CR2:
00000000ffe48400 CR3:
00000003a83f2003 CR4:
00000000003606f0
Call Trace:
v4l2_compat_ioctl32+0x1aec/0x27a0 [videodev]
? __fsnotify_inode_delete+0x20/0x20
? __put_v4l2_format32+0x4d0/0x4d0 [videodev]
compat_SyS_ioctl+0x646/0x14d0
? do_ioctl+0x30/0x30
do_fast_syscall_32+0x191/0x3f4
entry_SYSENTER_compat+0x6b/0x7a
Code: 4c 89 f7 4d 8d 7c 24 08 e8 e6 a4 69 cb 48 8b 83 98 1a 00 00 48 83 e8 10 49 39 c7 0f 87 9d 01 00 00 49 8d 7c 24 20 e8 c8 a4 69 cb <4d> 8b 74 24 20 4c 89 ef 4c 89 fe ba 10 00 00 00 e8 23 d9 08 cc
RIP: __put_v4l2_format32+0x98/0x4d0 [videodev] RSP:
ffff8803b9be7d30
CR2:
00000000ffe48400
cc: stable@vger.kernel.org
Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
Reviewed-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Reviewed-by: Hans Verkuil <hans.verkuil@cisco.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[sw0312.kim: cherry-pick from linux-3.18.y to fix v4l2 compat issue]
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Change-Id: I8a13d078d662e5fe2ac6d8bad84c9cde015d576a
Inki Dae [Tue, 24 Apr 2018 06:09:19 +0000 (15:09 +0900)]
drm/tgm: fix deadlock issue
Fixed a deadlock issue on mem_lock of tdm pp driver.
The deadlock could happen when pp_start_property function
is called at the funciton which already taken a mem_lock
because pp_start_property takes the mem_lock internally
so this patch makes the mem_lock to be unlocked before
pp_start_property funciton is called.
Change-Id: Icde3999a978252c00d845fd0a954cf5d3298397a
Signed-off-by: Inki Dae <inki.dae@samsung.com>
Seung-Woo Kim [Tue, 24 Apr 2018 07:02:17 +0000 (16:02 +0900)]
drm/tgm: tdm_pp: fix possible deadlock with ppdrv->cmd_lock
When releasing tgm drm driver, there can be deadlock for
ppdrv->cmd_lock during call path of pp_put_mem_node()
because pp_find_drv_by_handle() has also ppdrv->cmd_lock.
Fix the possible deadlock with ppdrv->cmd_lock by storing ppdrv
in m_node.
Change-Id: Ibb94b4cca818d94ee02e672e8547c1a831388322
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Signed-off-by: Inki Dae <inki.dae@samsung.com>
Seung-Woo Kim [Tue, 24 Apr 2018 05:17:34 +0000 (14:17 +0900)]
video: fbdev: exynos: decon: lower repeated spamming log
There are too many log about te on and off. Lower repeated spamming
log.
Change-Id: I80a1e6981d543d6355eecf574e227bb6d3aedbc4
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Seung-Woo Kim [Tue, 24 Apr 2018 05:16:26 +0000 (14:16 +0900)]
drm/tgm: tdm: lower repeated vblank log
There are too many log about vblank irq enable and disable. Lower
repeated spamming log.
Change-Id: I8db0c7a4efbec6a9dd8db81cf847018ee47edb61
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Seung-Woo Kim [Tue, 24 Apr 2018 04:49:23 +0000 (13:49 +0900)]
drm/tgm: tbm: lower repeated spamming log
There are too many log about gem alloc and free. Lower repeated
spamming log.
Change-Id: Ia7520df48ad67e6b9e41594e4b4eea48977365bd
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Seung-Woo Kim [Tue, 24 Apr 2018 04:48:29 +0000 (13:48 +0900)]
ion: lower repeated spamming log
There are too many log about ion alloc and free. Lower repeated
spamming log.
Change-Id: I65cb53537ea5c778f514894e96486cb6965ecf54
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Seung-Woo Kim [Tue, 17 Apr 2018 07:32:06 +0000 (16:32 +0900)]
arm64: tizen_tw2_defconfig: enable CONFIG_CONNECTOR and CONFIG_PROC_EVENTS
These options enable Netlink Connector feature of kernel to monitor
process lifecycle like Fork and Exit status of all processes
asynchronously.
In Tzen, it will be used by stc-manager(smart traffic control) to
monitor process lifecycle.
Change-Id: I265504609e6b2ce963875e66884d064affc48d9d
Signed-off-by: hyunuktak <hyunuk.tak@samsung.com>
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Seung-Woo Kim [Tue, 17 Apr 2018 07:14:46 +0000 (16:14 +0900)]
arm64: tizen_tw2_defconfig: enable NETFILTER_XT_TARGET_LOG
Enable NETFILTER_XT_TARGET_LOG for analysis of iptables log.
It is a iptables feature for security report on Tizen 5.0,
required from stc-manager.
Signed-off-by: hyunuktak <hyunuk.tak@samsung.com>
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Change-Id: Ia31c1e9463f28b74a67bad7272e0fea08c88c28c
Hoegeun Kwon [Wed, 11 Apr 2018 01:15:12 +0000 (10:15 +0900)]
arm64: tizen_tw2_defconfig: enable SW_SYNC
Enable the SW_SYNC framework configuration for use sw_sync from
userspace.
Change-Id: I7af5a77ac0f0b5694bb660e7f6155dbffafd8487
Signed-off-by: Hoegeun Kwon <hoegeun.kwon@samsung.com>
Hoegeun Kwon [Wed, 11 Apr 2018 01:14:25 +0000 (10:14 +0900)]
video: fbdev: exynos: decon: Remove unnecessary code about sw_sync
There is problem that dma_sync and sw_sync can not be used together at
the same time. Since dma_sync is a mixed implementation of sw_sync and
dma, only dma_sync of decon should be used. So remove unnecessary
sw_sync code from decon driver.
Change-Id: I0f0567306d61db6c480daf1ac8f86d2a174c912a
Signed-off-by: Hoegeun Kwon <hoegeun.kwon@samsung.com>
Mauro Carvalho Chehab [Wed, 28 Mar 2018 18:12:37 +0000 (15:12 -0300)]
media: v4l2-compat-ioctl32: initialize a reserved field
The get_v4l2_create32() function is missing a logic with
would be cleaning a reserved field, causing v4l2-compliance
to complain:
Buffer ioctls (Input 0):
fail: v4l2-test-buffers.cpp(506): check_0(crbufs.reserved, sizeof(crbufs.reserved))
test VIDIOC_REQBUFS/CREATE_BUFS/QUERYBUF: FAIL
Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[sw0312.kim: cherry-pick from linux-3.18.y]
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Change-Id: I460dc03643f4217adbfe4d8271ab4c917ab8a269
Mauro Carvalho Chehab [Wed, 28 Mar 2018 18:12:36 +0000 (15:12 -0300)]
media: v4l2-compat-ioctl32: use compat_u64 for video standard
Instead of using the "v4l2_std_id" typedef, use compat_u64,
as otherwise it fails to properly handle some ioctls.
Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[sw0312.kim: cherry-pick from linux-3.18.y]
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Change-Id: I90b98df2c23d496133e7bd16a60f5150dba55624
Ricardo Ribalda [Wed, 28 Mar 2018 18:12:35 +0000 (15:12 -0300)]
media: media/v4l2-ctrls: volatiles should not generate CH_VALUE
Volatile controls should not generate CH_VALUE events.
Set has_changed to false to prevent this happening.
Signed-off-by: Ricardo Ribalda Delgado <ricardo.ribalda@gmail.com>
Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[sw0312.kim: cherry-pick from linux-3.18.y]
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Change-Id: Ia813ed1bf457bafcdae47c02d781203f2b19b3de
Hans Verkuil [Wed, 28 Mar 2018 18:12:34 +0000 (15:12 -0300)]
media: v4l2-ctrls: fix sparse warning
The warning is simple:
drivers/media/v4l2-core/v4l2-ctrls.c:1685:15: warning: incorrect type in assignment (different address spaces)
but the fix isn't.
The core problem was that the conversion from user to kernelspace was
done at too low a level and that needed to be moved up. That made it possible
to drop pointers to v4l2_ext_control from set_ctrl and validate_new and
clean up this sparse warning because those functions now always operate
on kernelspace pointers.
Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[sw0312.kim: cherry-pick from linux-3.18.y]
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Change-Id: I6fb703a407c7e41e640fe018005db461ce01f57a
Daniel Mentz [Wed, 28 Mar 2018 18:12:33 +0000 (15:12 -0300)]
media: v4l2-compat-ioctl32.c: refactor compat ioctl32 logic
commit
a1dfb4c48cc1e64eeb7800a27c66a6f7e88d075a upstream.
The 32-bit compat v4l2 ioctl handling is implemented based on its 64-bit
equivalent. It converts 32-bit data structures into its 64-bit
equivalents and needs to provide the data to the 64-bit ioctl in user
space memory which is commonly allocated using
compat_alloc_user_space().
However, due to how that function is implemented, it can only be called
a single time for every syscall invocation.
Supposedly to avoid this limitation, the existing code uses a mix of
memory from the kernel stack and memory allocated through
compat_alloc_user_space().
Under normal circumstances, this would not work, because the 64-bit
ioctl expects all pointers to point to user space memory. As a
workaround, set_fs(KERNEL_DS) is called to temporarily disable this
extra safety check and allow kernel pointers. However, this might
introduce a security vulnerability: The result of the 32-bit to 64-bit
conversion is writeable by user space because the output buffer has been
allocated via compat_alloc_user_space(). A malicious user space process
could then manipulate pointers inside this output buffer, and due to the
previous set_fs(KERNEL_DS) call, functions like get_user() or put_user()
no longer prevent kernel memory access.
The new approach is to pre-calculate the total amount of user space
memory that is needed, allocate it using compat_alloc_user_space() and
then divide up the allocated memory to accommodate all data structures
that need to be converted.
An alternative approach would have been to retain the union type karg
that they allocated on the kernel stack in do_video_ioctl(), copy all
data from user space into karg and then back to user space. However, we
decided against this approach because it does not align with other
compat syscall implementations. Instead, we tried to replicate the
get_user/put_user pairs as found in other places in the kernel:
if (get_user(clipcount, &up->clipcount) ||
put_user(clipcount, &kp->clipcount)) return -EFAULT;
Notes from hans.verkuil@cisco.com:
This patch was taken from:
https://github.com/LineageOS/android_kernel_samsung_apq8084/commit/
97b733953c06e4f0398ade18850f0817778255f7
Clearly nobody could be bothered to upstream this patch or at minimum
tell us :-( We only heard about this a week ago.
This patch was rebased and cleaned up. Compared to the original I
also swapped the order of the convert_in_user arguments so that they
matched copy_in_user. It was hard to review otherwise. I also replaced
the ALLOC_USER_SPACE/ALLOC_AND_GET by a normal function.
Fixes:
6b5a9492ca ("v4l: introduce string control support.")
Signed-off-by: Daniel Mentz <danielmentz@google.com>
Co-developed-by: Hans Verkuil <hans.verkuil@cisco.com>
Acked-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[sw0312.kim: backport from linux-3.18.y to fix CVE-2017-13166]
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Change-Id: Ibaacca255bc460dd8d5d65bdfcaf206e92513fde
Hans Verkuil [Wed, 28 Mar 2018 18:12:32 +0000 (15:12 -0300)]
media: v4l2-compat-ioctl32.c: don't copy back the result for certain errors
commit
d83a8243aaefe62ace433e4384a4f077bed86acb upstream.
Some ioctls need to copy back the result even if the ioctl returned
an error. However, don't do this for the error code -ENOTTY.
It makes no sense in that cases.
Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
Acked-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[sw0312.kim: cherry-pick from linux-3.18.y to apply CVE patch]
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Change-Id: I1454b74c7f56e73bef2349528d68d15927fba359
Hans Verkuil [Wed, 28 Mar 2018 18:12:31 +0000 (15:12 -0300)]
media: v4l2-compat-ioctl32.c: drop pr_info for unknown buffer type
commit
169f24ca68bf0f247d111aef07af00dd3a02ae88 upstream.
There is nothing wrong with using an unknown buffer type. So
stop spamming the kernel log whenever this happens. The kernel
will just return -EINVAL to signal this.
Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
Acked-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[sw0312.kim: cherry-pick from linux-3.18.y to apply CVE patch]
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Change-Id: I6d4c1415da97ddd04dbc06016cc44658c8e88478
Hans Verkuil [Wed, 28 Mar 2018 18:12:30 +0000 (15:12 -0300)]
media: v4l2-compat-ioctl32.c: copy clip list in put_v4l2_window32
commit
a751be5b142ef6bcbbb96d9899516f4d9c8d0ef4 upstream.
put_v4l2_window32() didn't copy back the clip list to userspace.
Drivers can update the clip rectangles, so this should be done.
Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
Acked-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[sw0312.kim: cherry-pick from linux-3.18.y to apply CVE patch]
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Change-Id: Iba7cbe2dfdd1f4beee06a0dde5fbedc4bc3f630b
Daniel Mentz [Wed, 28 Mar 2018 18:12:29 +0000 (15:12 -0300)]
media: v4l2-compat-ioctl32: Copy v4l2_window->global_alpha
commit
025a26fa14f8fd55d50ab284a30c016a5be953d0 upstream.
Commit
b2787845fb91 ("V4L/DVB (5289): Add support for video output
overlays.") added the field global_alpha to struct v4l2_window but did
not update the compat layer accordingly. This change adds global_alpha
to struct v4l2_window32 and copies the value for global_alpha back and
forth.
Signed-off-by: Daniel Mentz <danielmentz@google.com>
Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[sw0312.kim: cherry-pick from linux-3.18.y to apply CVE patch]
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Change-Id: Ib2d1ad02004695368b67adb5f5cfb24da4b24f98
Hans Verkuil [Wed, 28 Mar 2018 18:12:28 +0000 (15:12 -0300)]
media: v4l2-compat-ioctl32.c: make ctrl_is_pointer work for subdevs
commit
273caa260035c03d89ad63d72d8cd3d9e5c5e3f1 upstream.
If the device is of type VFL_TYPE_SUBDEV then vdev->ioctl_ops
is NULL so the 'if (!ops->vidioc_query_ext_ctrl)' check would crash.
Add a test for !ops to the condition.
All sub-devices that have controls will use the control framework,
so they do not have an equivalent to ops->vidioc_query_ext_ctrl.
Returning false if ops is NULL is the correct thing to do here.
Fixes:
b8c601e8af ("v4l2-compat-ioctl32.c: fix ctrl_is_pointer")
Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
Acked-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Reported-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Reviewed-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[sw0312.kim: cherry-pick from linux-3.18.y to apply CVE patch]
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Change-Id: Ic0d6aa250477471606b525b3b1d9a487e357475c
Hans Verkuil [Wed, 28 Mar 2018 18:12:27 +0000 (15:12 -0300)]
media: v4l2-compat-ioctl32.c: fix ctrl_is_pointer
commit
b8c601e8af2d08f733d74defa8465303391bb930 upstream.
ctrl_is_pointer just hardcoded two known string controls, but that
caused problems when using e.g. custom controls that use a pointer
for the payload.
Reimplement this function: it now finds the v4l2_ctrl (if the driver
uses the control framework) or it calls vidioc_query_ext_ctrl (if the
driver implements that directly).
In both cases it can now check if the control is a pointer control
or not.
Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
Acked-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[sw0312.kim: cherry-pick from linux-3.18.y to apply CVE patch]
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Change-Id: Iead5cedaa99187b870ff120fb737640a37ab09c1
Hans Verkuil [Wed, 28 Mar 2018 18:12:26 +0000 (15:12 -0300)]
media: v4l2-compat-ioctl32.c: copy m.userptr in put_v4l2_plane32
commit
8ed5a59dcb47a6f76034ee760b36e089f3e82529 upstream.
The struct v4l2_plane32 should set m.userptr as well. The same
happens in v4l2_buffer32 and v4l2-compliance tests for this.
Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
Acked-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[sw0312.kim: cherry-pick from linux-3.18.y to apply CVE patch]
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Change-Id: Ib603e608bb945be880e1bab1233a7063812956ef
Hans Verkuil [Wed, 28 Mar 2018 18:12:25 +0000 (15:12 -0300)]
media: v4l2-compat-ioctl32.c: avoid sizeof(type)
commit
333b1e9f96ce05f7498b581509bb30cde03018bf upstream.
Instead of doing sizeof(struct foo) use sizeof(*up). There even were
cases where 4 * sizeof(__u32) was used instead of sizeof(kp->reserved),
which is very dangerous when the size of the reserved array changes.
Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
Acked-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[sw0312.kim: cherry-pick from linux-3.18.y to apply CVE patch]
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Change-Id: I66c5ebf8cdf0a7fbd15c236804f85f7fc77422b3
Hans Verkuil [Wed, 28 Mar 2018 18:12:24 +0000 (15:12 -0300)]
media: v4l2-compat-ioctl32.c: move 'helper' functions to __get/put_v4l2_format32
commit
486c521510c44a04cd756a9267e7d1e271c8a4ba upstream.
These helper functions do not really help. Move the code to the
__get/put_v4l2_format32 functions.
Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
Acked-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[sw0312.kim: cherry-pick from linux-3.18.y to apply CVE patch]
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Change-Id: I055f604210da7586257dcfa667d4d02d92f98697
Hans Verkuil [Wed, 24 Jan 2018 09:35:48 +0000 (04:35 -0500)]
media: v4l2-compat-ioctl32.c: fix the indentation
commit
b7b957d429f601d6d1942122b339474f31191d75 upstream.
The indentation of this source is all over the place. Fix this.
This patch only changes whitespace.
Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
Acked-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Cc: <stable@vger.kernel.org> # for v4.15 and up
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[sw0312.kim: cherry-pick from linux-3.18.y to apply CVE patch]
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Change-Id: I32d44cc5a5e598fe44cfa31f72fb1adee9aee903
Hans Verkuil [Wed, 24 Jan 2018 13:37:04 +0000 (08:37 -0500)]
media: v4l2-compat-ioctl32.c: add missing VIDIOC_PREPARE_BUF
commit
3ee6d040719ae09110e5cdf24d5386abe5d1b776 upstream.
The result of the VIDIOC_PREPARE_BUF ioctl was never copied back
to userspace since it was missing in the switch.
Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
Acked-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Cc: <stable@vger.kernel.org> # for v4.15 and up
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[sw0312.kim: cherry-pick from linux-3.18.y to apply CVE patch]
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Change-Id: I46cfe614d06f3e5885e29f8e07f0196398fb837c
Ricardo Ribalda [Mon, 20 Jun 2016 12:47:22 +0000 (09:47 -0300)]
vb2: V4L2_BUF_FLAG_DONE is set after DQBUF
commit
3171cc2b4eb9831ab4df1d80d0410a945b8bc84e upstream.
According to the doc, V4L2_BUF_FLAG_DONE is cleared after DQBUF:
V4L2_BUF_FLAG_DONE 0x00000004 ... After calling the VIDIOC_QBUF or
VIDIOC_DQBUF it is always cleared ...
Unfortunately, it seems that videobuf2 keeps it set after DQBUF. This
can be tested with vivid and dev_debug:
[257604.338082] video1: VIDIOC_DQBUF: 71:33:25.
00260479 index=3,
type=vid-cap, flags=0x00002004, field=none, sequence=163,
memory=userptr, bytesused=460800, offset/userptr=0x344b000,
length=460800
This patch forces FLAG_DONE to 0 after calling DQBUF.
Reported-by: Dimitrios Katsaros <patcherwork@gmail.com>
Signed-off-by: Ricardo Ribalda Delgado <ricardo.ribalda@gmail.com>
Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[sw0312.kim: cherry-pick from linux-3.18.y]
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Change-Id: I22dc967ed1cceece77e6235c72ebdb3472bd4245
Hans Verkuil [Tue, 30 Jan 2018 08:50:01 +0000 (03:50 -0500)]
media: v4l2-ioctl.c: don't copy back the result for -ENOTTY
commit
181a4a2d5a0a7b43cab08a70710d727e7764ccdd upstream.
If the ioctl returned -ENOTTY, then don't bother copying
back the result as there is no point.
Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
Acked-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Cc: <stable@vger.kernel.org> # for v4.15 and up
Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[sw0312.kim: cherry-pick from linux-3.18.y to apply CVE patch]
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Change-Id: I74f89733fb3be9adb9ba8026be1dc699bed0445f
Ricardo Ribalda Delgado [Tue, 17 Oct 2017 15:48:50 +0000 (11:48 -0400)]
media: v4l2-ctrl: Fix flags field on Control events
commit
9cac9d2fb2fe0e0cadacdb94415b3fe49e3f724f upstream.
VIDIOC_DQEVENT and VIDIOC_QUERY_EXT_CTRL should give the same output for
the control flags field.
This patch creates a new function user_flags(), that calculates the user
exported flags value (which is different than the kernel internal flags
structure). This function is then used by all the code that exports the
internal flags to userspace.
Reported-by: Dimitrios Katsaros <patcherwork@gmail.com>
Signed-off-by: Ricardo Ribalda Delgado <ricardo.ribalda@gmail.com>
Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[sw0312.kim: cherry-pick from linux-3.18.y]
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Change-Id: I7ce4c954bdf559e7cf60816202e4fb1f2fa2ad90
Daniel Mentz [Thu, 3 Aug 2017 03:42:17 +0000 (23:42 -0400)]
media: v4l2-compat-ioctl32: Fix timespec conversion
commit
9c7ba1d7634cef490b85bc64c4091ff004821bfd upstream.
Certain syscalls like recvmmsg support 64 bit timespec values for the
X32 ABI. The helper function compat_put_timespec converts a timespec
value to a 32 bit or 64 bit value depending on what ABI is used. The
v4l2 compat layer, however, is not designed to support 64 bit timespec
values and always uses 32 bit values. Hence, compat_put_timespec must
not be used.
Without this patch, user space will be provided with bad timestamp
values from the VIDIOC_DQEVENT ioctl. Also, fields of the struct
v4l2_event32 that come immediately after timestamp get overwritten,
namely the field named id.
Fixes:
81993e81a994 ("compat: Get rid of (get|put)_compat_time(val|spec)")
Cc: H. Peter Anvin <hpa@linux.intel.com>
Cc: Laurent Pinchart <laurent.pinchart+renesas@ideasonboard.com>
Cc: Tiffany Lin <tiffany.lin@mediatek.com>
Cc: Ricardo Ribalda Delgado <ricardo.ribalda@gmail.com>
Cc: Sakari Ailus <sakari.ailus@linux.intel.com>
Signed-off-by: Daniel Mentz <danielmentz@google.com>
Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[sw0312.kim: cherry-pick from linux-3.18.y]
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Change-Id: I713662fe9e2103c91fe717929116ae28c57e150d
Christophe JAILLET [Fri, 28 Apr 2017 04:51:40 +0000 (01:51 -0300)]
vb2: Fix an off by one error in 'vb2_plane_vaddr'
commit
5ebb6dd36c9f5fb37b1077b393c254d70a14cb46 upstream.
We should ensure that 'plane_no' is '< vb->num_planes' as done in
'vb2_plane_cookie' just a few lines below.
Fixes:
e23ccc0ad925 ("[media] v4l: add videobuf2 Video for Linux 2 driver framework")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Reviewed-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[sw0312.kim: cherry-pick from linux-3.18.y]
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Change-Id: I78542d0bb4c29c29a1c111cebed7ece2fc6d81cf
Linus Torvalds [Tue, 21 Apr 2015 19:49:33 +0000 (12:49 -0700)]
media: remove unused variable that causes a warning
commit
1d11437f4fd02f9b5d3749675a1232216787dcc6 upstream.
My 'allmodconfig' build is _almost_ free of warnings, and most of the
remaining ones are for legacy drivers that just do bad things that I
can't find it in my black heart to care too much about. But this one
was just annoying me:
drivers/media/v4l2-core/videobuf2-core.c:3256:26: warning: unused variable ‘fileio’ [-Wunused-variable]
because commit
0e661006370b ("[media] vb2: fix 'UNBALANCED' warnings
when calling vb2_thread_stop()") removed all users of 'fileio' and
instead calls "__vb2_cleanup_fileio(q)" to clean up q->fileio. But the
now unused 'fileio' variable was left around.
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[sw0312.kim: cherry-pick from linux-3.18.y]
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Change-Id: Ibcc1613a6740e15d51218a4373647f262088c1d1
Tiffany Lin [Tue, 19 Jan 2016 07:56:50 +0000 (05:56 -0200)]
media: v4l2-compat-ioctl32: fix missing length copy in put_v4l2_buffer32
[ Upstream commit
7df5ab8774aa383c6d2bff00688d004585d96dfd ]
In v4l2-compliance utility, test QUERYBUF required correct length
value to go through each planar to check planar's length in
multi-planar buffer type
Signed-off-by: Tiffany Lin <tiffany.lin@mediatek.com>
Reviewed-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
Cc: <stable@vger.kernel.org> # for v3.7 and up
Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
[sw0312.kim: cherry-pick from linux-3.18.y]
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Change-Id: I08b90f7703cb8e46c3e26d8d596f806f9c24185e
Sasha Levin [Mon, 1 Feb 2016 16:27:06 +0000 (11:27 -0500)]
vb2: fix a regression in poll() behavior for output,streams
[ Upstream commit
4623e5967448444a4ea1e77beb58898c4af48693 ]
In the 3.17 kernel the poll() behavior changed for output streams:
as long as not all buffers were queued up poll() would return that
userspace can write. This is fine for the write() call, but when
using stream I/O this changed the behavior since the expectation
was that it would wait for buffers to become available for dequeuing.
This patch only enables the check whether you can queue buffers
for file I/O only, and skips it for stream I/O.
Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
Acked-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Cc: <stable@vger.kernel.org> # for v3.17 and up
Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
[sw0312.kim: cherry-pick from linux-3.18.y]
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Change-Id: I6874d98e4881c059d592addb2e9767d398d82262
Liping Zhang [Tue, 28 Mar 2017 14:59:25 +0000 (22:59 +0800)]
netfilter: nfnetlink_queue: fix secctx memory leak
We must call security_release_secctx to free the memory returned by
security_secid_to_secctx, otherwise memory may be leaked forever.
Fixes:
ef493bd930ae ("netfilter: nfnetlink_queue: add security context information")
Signed-off-by: Liping Zhang <zlpnobody@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
[sw0312.kim: backport the commit
77c1c03c5b8 from mainline to fix already backported commit
- the commit
ef493bd930ae ("netfilter: nfnetlink_queue: add security context information") was backported for nether.service in tizen
- change in net/netfilter/nfnetlink_queue.c is applied to net/netfilter/nfnetlink_queue_core.c]
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Change-Id: Ifbc5f96bb6039503b7390864936fe6eda2e53acb
Roman Gushchin [Fri, 17 Nov 2017 23:26:45 +0000 (15:26 -0800)]
proc, coredump: add CoreDumping flag to /proc/pid/status
Right now there is no convenient way to check if a process is being
coredumped at the moment.
It might be necessary to recognize such state to prevent killing the
process and getting a broken coredump. Writing a large core might take
significant time, and the process is unresponsive during it, so it might
be killed by timeout, if another process is monitoring and
killing/restarting hanging tasks.
We're getting a significant number of corrupted coredump files on
machines in our fleet, just because processes are being killed by
timeout in the middle of the core writing process.
We do have a process health check, and some agent is responsible for
restarting processes which are not responding for health check requests.
Writing a large coredump to the disk can easily exceed the reasonable
timeout (especially on an overloaded machine).
This flag will allow the agent to distinguish processes which are being
coredumped, extend the timeout for them, and let them produce a full
coredump file.
To provide an ability to detect if a process is in the state of being
coredumped, we can expose a boolean CoreDumping flag in
/proc/pid/status.
Example:
$ cat core.sh
#!/bin/sh
echo "|/usr/bin/sleep 10" > /proc/sys/kernel/core_pattern
sleep 1000 &
PID=$!
cat /proc/$PID/status | grep CoreDumping
kill -ABRT $PID
sleep 1
cat /proc/$PID/status | grep CoreDumping
$ ./core.sh
CoreDumping: 0
CoreDumping: 1
[guro@fb.com: document CoreDumping flag in /proc/<pid>/status]
Link: http://lkml.kernel.org/r/20170928135357.GA8470@castle.DHCP.thefacebook.com
Link: http://lkml.kernel.org/r/20170920230634.31572-1-guro@fb.com
Signed-off-by: Roman Gushchin <guro@fb.com>
Cc: Alexander Viro <viro@zeniv.linux.org.uk>
Cc: Ingo Molnar <mingo@kernel.org>
Cc: Konstantin Khlebnikov <koct9i@gmail.com>
Cc: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
[inki.dae: backported from mainline - commit :
c643401218be
On Tizen, there is one issue that a process doing coredump can be killed.
This patch allows a process to detect if given process is being dumped.
With this, Tizen can exclude such process from 'kill list' so that
coredump process can finish coredump work.]
Signed-off-by: Inki Dae <inki.dae@samsung.com>
Change-Id: I7ddd9fc618942244bd7e8523be3f080504cc9a06
Jaehoon Chung [Mon, 16 Oct 2017 10:18:19 +0000 (19:18 +0900)]
packaging: add the dzImage-recovery image
Add the dzImage-recovery image as using recovery.
Change-Id: Iafac3bdbd8165a12701fa12c6ddd2ca23ab91d2d
Signed-off-by: Jaehoon Chung <jh80.chung@samsung.com>
zhong jiang [Wed, 28 Sep 2016 22:22:30 +0000 (15:22 -0700)]
mm,ksm: fix endless looping in allocating memory when ksm enable
[ Upstream commit
5b398e416e880159fe55eefd93c6588fa072cd66 ]
I hit the following hung task when runing a OOM LTP test case with 4.1
kernel.
Call trace:
[<
ffffffc000086a88>] __switch_to+0x74/0x8c
[<
ffffffc000a1bae0>] __schedule+0x23c/0x7bc
[<
ffffffc000a1c09c>] schedule+0x3c/0x94
[<
ffffffc000a1eb84>] rwsem_down_write_failed+0x214/0x350
[<
ffffffc000a1e32c>] down_write+0x64/0x80
[<
ffffffc00021f794>] __ksm_exit+0x90/0x19c
[<
ffffffc0000be650>] mmput+0x118/0x11c
[<
ffffffc0000c3ec4>] do_exit+0x2dc/0xa74
[<
ffffffc0000c46f8>] do_group_exit+0x4c/0xe4
[<
ffffffc0000d0f34>] get_signal+0x444/0x5e0
[<
ffffffc000089fcc>] do_signal+0x1d8/0x450
[<
ffffffc00008a35c>] do_notify_resume+0x70/0x78
The oom victim cannot terminate because it needs to take mmap_sem for
write while the lock is held by ksmd for read which loops in the page
allocator
ksm_do_scan
scan_get_next_rmap_item
down_read
get_next_rmap_item
alloc_rmap_item #ksmd will loop permanently.
There is no way forward because the oom victim cannot release any memory
in 4.1 based kernel. Since 4.6 we have the oom reaper which would solve
this problem because it would release the memory asynchronously.
Nevertheless we can relax alloc_rmap_item requirements and use
__GFP_NORETRY because the allocation failure is acceptable as ksm_do_scan
would just retry later after the lock got dropped.
Such a patch would be also easy to backport to older stable kernels which
do not have oom_reaper.
While we are at it add GFP_NOWARN so the admin doesn't have to be alarmed
by the allocation failure.
Link: http://lkml.kernel.org/r/1474165570-44398-1-git-send-email-zhongjiang@huawei.com
Signed-off-by: zhong jiang <zhongjiang@huawei.com>
Suggested-by: Hugh Dickins <hughd@google.com>
Suggested-by: Michal Hocko <mhocko@suse.cz>
Acked-by: Michal Hocko <mhocko@suse.com>
Acked-by: Hugh Dickins <hughd@google.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
[jcsing.lee: cherry-pick from linux-3.18.y to fix ltp issue]
Signed-off-by: Jaechul Lee <jcsing.lee@samsung.com>
Change-Id: I491c912e110399da272b268cdb40508ba1b9f916
Fabian Frederick [Tue, 2 Aug 2016 21:03:07 +0000 (14:03 -0700)]
sysv, ipc: fix security-layer leaking
[ Upstream commit
9b24fef9f0410fb5364245d6cc2bd044cc064007 ]
Commit
53dad6d3a8e5 ("ipc: fix race with LSMs") updated ipc_rcu_putref()
to receive rcu freeing function but used generic ipc_rcu_free() instead
of msg_rcu_free() which does security cleaning.
Running LTP msgsnd06 with kmemleak gives the following:
cat /sys/kernel/debug/kmemleak
unreferenced object 0xffff88003c0a11f8 (size 8):
comm "msgsnd06", pid 1645, jiffies
4294672526 (age 6.549s)
hex dump (first 8 bytes):
1b 00 00 00 01 00 00 00 ........
backtrace:
kmemleak_alloc+0x23/0x40
kmem_cache_alloc_trace+0xe1/0x180
selinux_msg_queue_alloc_security+0x3f/0xd0
security_msg_queue_alloc+0x2e/0x40
newque+0x4e/0x150
ipcget+0x159/0x1b0
SyS_msgget+0x39/0x40
entry_SYSCALL_64_fastpath+0x13/0x8f
Manfred Spraul suggested to fix sem.c as well and Davidlohr Bueso to
only use ipc_rcu_free in case of security allocation failure in newary()
Fixes:
53dad6d3a8e ("ipc: fix race with LSMs")
Link: http://lkml.kernel.org/r/1470083552-22966-1-git-send-email-fabf@skynet.be
Signed-off-by: Fabian Frederick <fabf@skynet.be>
Cc: Davidlohr Bueso <dbueso@suse.de>
Cc: Manfred Spraul <manfred@colorfullife.com>
Cc: <stable@vger.kernel.org> [3.12+]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
[jcsing.lee: cherry-pick from linux-3.18.y to fix ltp issue]
Signed-off-by: Jaechul Lee <jcsing.lee@samsung.com>
Change-Id: I4e9ab23d55251dc816db9408e89d9a5baf49cfda
Miklos Szeredi [Fri, 1 Jul 2016 12:56:07 +0000 (14:56 +0200)]
locks: use file_inode()
[ Upstream commit
6343a2120862f7023006c8091ad95c1f16a32077 ]
(Another one for the f_path debacle.)
ltp fcntl33 testcase caused an Oops in selinux_file_send_sigiotask.
The reason is that generic_add_lease() used filp->f_path.dentry->inode
while all the others use file_inode(). This makes a difference for files
opened on overlayfs since the former will point to the overlay inode the
latter to the underlying inode.
So generic_add_lease() added the lease to the overlay inode and
generic_delete_lease() removed it from the underlying inode. When the file
was released the lease remained on the overlay inode's lock list, resulting
in use after free.
Reported-by: Eryu Guan <eguan@redhat.com>
Fixes:
4bacc9c9234c ("overlayfs: Make f_path always point to the overlay and f_inode to the underlay")
Cc: <stable@vger.kernel.org>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Reviewed-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
[jcsing.lee: cherry-pick from linux-3.18.y to fix ltp issue]
Signed-off-by: Jaechul Lee <jcsing.lee@samsung.com>
Change-Id: I6091178a330b85ebb34022f9fbbd5226516399f5
Junling Zheng [Mon, 1 Jun 2015 09:28:00 +0000 (09:28 +0000)]
net: socket: Fix the wrong returns for recvmsg and sendmsg
[ Upstream commit HEAD ]
Based on
08adb7dabd4874cc5666b4490653b26534702ce0 upstream.
We found that after v3.10.73, recvmsg might return -EFAULT while -EINVAL
was expected.
We tested it through the recvmsg01 testcase come from LTP testsuit. It set
msg->msg_namelen to -1 and the recvmsg syscall returned errno 14, which is
unexpected (errno 22 is expected):
recvmsg01 4 TFAIL : invalid socket length ; returned -1 (expected -1),
errno 14 (expected 22)
Linux mainline has no this bug for commit
08adb7dab fixes it accidentally.
However, it is too large and complex to be backported to LTS 3.10.
Commit
281c9c36 (net: compat: Update get_compat_msghdr() to match
copy_msghdr_from_user() behaviour) made get_compat_msghdr() return
error if msg_sys->msg_namelen was negative, which changed the behaviors
of recvmsg and sendmsg syscall in a lib32 system:
Before commit
281c9c36, get_compat_msghdr() wouldn't fail and it would
return -EINVAL in move_addr_to_user() or somewhere if msg_sys->msg_namelen
was invalid and then syscall returned -EINVAL, which is correct.
And now, when msg_sys->msg_namelen is negative, get_compat_msghdr() will
fail and wants to return -EINVAL, however, the outer syscall will return
-EFAULT directly, which is unexpected.
This patch gets the return value of get_compat_msghdr() as well as
copy_msghdr_from_user(), then returns this expected value if
get_compat_msghdr() fails.
Fixes:
281c9c36 (net: compat: Update get_compat_msghdr() to match copy_msghdr_from_user() behaviour)
Signed-off-by: Junling Zheng <zhengjunling@huawei.com>
Signed-off-by: Hanbing Xu <xuhanbing@huawei.com>
Cc: Li Zefan <lizefan@huawei.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: David Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit
5ca74d43d929e6ecaba677a411f0e81371d61f76)
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
[sw0312.kim: cherry-pick from linux-3.18.y to fix ltp issue]
Reported-by: Jaechul Lee <jcsing.lee@samsung.com>
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Change-Id: Idd759ce13ae9a66ca823513724818e7e3f41ce42
Ben Seri [Sat, 9 Sep 2017 21:15:59 +0000 (23:15 +0200)]
Bluetooth: Properly check L2CAP config option output buffer length
commit
e860d2c904d1a9f38a24eb44c9f34b8f915a6ea3 upstream.
Validate the output buffer length for L2CAP config requests and responses
to avoid overflowing the stack buffer used for building the option blocks.
Signed-off-by: Ben Seri <ben@armis.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[sw0312.kim: Cherry-pick from linux-3.18.y tree to fix CVE-2017-1000251]
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Change-Id: I479e2d5141a9cb0b5bc105dc40298cbd4bddbff0
Denis Khalikov [Fri, 25 Aug 2017 11:02:13 +0000 (14:02 +0300)]
packaging: Disable UBSan build
UBSan build on kernel will cause build error because kernel has its own
sanitizer build options. So, dislable UBSan build from packaging spec.
Change-Id: Ia7cccf6daf0718e6d34b0382a62edc18f02ba999
Signed-off-by: Denis Khalikov <d.khalikov@partner.samsung.com>
Jin-young Jeon [Mon, 14 Aug 2017 08:26:31 +0000 (17:26 +0900)]
video/fbdev: decon: fix wrong pixel format setting.
fix wrong pixel format setting.
This patch comes from product kernel.
Change-Id: If5008ffacb65afef7e819ceea4f4b11bb666464e
Signed-off-by: Jin-young Jeon <jy0.jeon@samsung.com>
Signed-off-by: Inki Dae <inki.dae@samsung.com>
Jin-young Jeon [Tue, 15 Aug 2017 08:07:33 +0000 (17:07 +0900)]
drm/tgm: tdm/pp: add shift setting operation during set size.
add shift setting operation during set size
This patch comes from product kernel.
Change-Id: I98692214aaec340db6efecbcb240288d86e14241
Signed-off-by: Jin-young Jeon <jy0.jeon@samsung.com>
Signed-off-by: Inki Dae <inki.dae@samsung.com>
Jin-young Jeon [Mon, 7 Aug 2017 06:39:51 +0000 (15:39 +0900)]
drm/tgm: tdm/pp: add alignmentation to fix cropping problem.
add alignmentation to fix cropping problem
This patch comes from product kernel.
Change-Id: I2901cbe286471ae47932ea7970e5d1025eef0aa9
Signed-off-by: Jin-young Jeon <jy0.jeon@samsung.com>
Signed-off-by: Inki Dae <inki.dae@samsung.com>
Jaechul Lee [Wed, 23 Aug 2017 00:32:45 +0000 (09:32 +0900)]
packaging: Remove permission settings for devel package
Setting 644 permissions for devel package is removed. The all files in
the devel package are created with 644 permission. As a result, executable
files don't work when building out-of-tree module because they don't have a
execution permission.
Change-Id: I79854937593af982ed829a39446273e89e91a5f5
Signed-off-by: Jaechul Lee <jcsing.lee@samsung.com>
Seung-Woo Kim [Mon, 21 Aug 2017 23:27:32 +0000 (08:27 +0900)]
packaging: fix to create uapi header before kernel build
To create proper kernel devel package, kernel should not be cleaned
after build. So, fix to create uapi header which execute clean
before kernel build.
Change-Id: Ie83a2ea56815561074b3e1ee0e77719cbd8a4711
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Seung-Woo Kim [Tue, 22 Aug 2017 00:21:55 +0000 (09:21 +0900)]
packaging: remove unnecessary files from devel package
The files created by build, including Image and merged-dtb, are not
necessary in devel package. Also, for arm64, compressed image is
not zImage or bzImage but Image.gz. Remove the unnecessary files
from devel package instead of not existing zImage or bzImage.
Change-Id: I5c930133a0d062f68545054c84f7229b62a4b1a3
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Jaechul Lee [Thu, 10 Aug 2017 02:18:56 +0000 (11:18 +0900)]
packaging: Remove symbolic link in a devel package
The symbolic link to kernel-devel-tizen-dev doesn't need anymore because
those who want to build SWAP-DA will use the absolute package name for
building respectively on the several kernels.
The out-of-tree kernel module build uses absolute devel package name to
bulid SWAP-DA. It should be left out to prevent a conflict between
each kernel devel packages.
Change-Id: I6b55002174a424267db4d5cb4a5c09d9a0ad8358
Signed-off-by: Jaechul Lee <jcsing.lee@samsung.com>
Alexander Aksenov [Fri, 4 Aug 2017 05:10:11 +0000 (14:10 +0900)]
ARM64: tizen_tw2_defconfig: enable MODULES
To support kernel modules build, loading, and unloading enable config
option MODULES and force loading and unloading options.
Change-Id: If67e5a8c5ae91c632a3225244a385ac9ff26728b
Signed-off-by: Alexander Aksenov <a.aksenov@samsung.com>
[sw0312.kim: spilt config patch and adjust commit-msg]
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Seung-Woo Kim [Fri, 4 Aug 2017 05:03:50 +0000 (14:03 +0900)]
kconfig: fix not to select TIMA_LKMAUTH from MODULES
TIMA_LKMAUTH prevents loading modules built for development. Fix
not to select TIMA_LKMAUTH by selecting MODULES for possibility
to set the config option.
Change-Id: I65b084ff31e7428296d8995ecb1a9c7a005118c8
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Alexander Aksenov [Fri, 4 Aug 2017 02:55:04 +0000 (11:55 +0900)]
misc: mcu_ipc: fix duplicated export symbol
There is duplicated export symbol with EXPORT_SYMBOL(). Fix one from
the symbols with proper function name.
With this modification, build error with CONFIG_MODULES is removed.
Change-Id: I696e324cc55ac381063ba8e442dc45e55ba78a01
Signed-off-by: Alexander Aksenov <a.aksenov@samsung.com>
[sw0312.kim: spilt mcu_ipc patch and adjust commit-msg]
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Jin-young Jeon [Thu, 6 Jul 2017 05:32:18 +0000 (14:32 +0900)]
drm/tgm: tdm_pp: add pp_set_planar_addr().
It should be supported to divide each planar address.
This patch is from product kernel.
Change-Id: I3bd2cfa5fabd67ee57ffb7a575e6bf35e2ba161e
Signed-off-by: Jin-young Jeon <jy0.jeon@samsung.com>
Signed-off-by: Inki Dae <inki.dae@samsung.com>
Jin-young Jeon [Thu, 6 Jul 2017 04:35:27 +0000 (13:35 +0900)]
drm/tgm: tdm_pp: add size field on tdm_pp_buf_info.
This patch is from product kernel.
Change-Id: I4d2901793835fe708781ad72c0a3fd28d4608d41
Signed-off-by: Jin-young Jeon <jy0.jeon@samsung.com>
Signed-off-by: Inki Dae <inki.dae@samsung.com>
Jin-young Jeon [Thu, 6 Jul 2017 04:33:17 +0000 (13:33 +0900)]
drm/tgm: tbm: add tbm_gem_get_size().
This patch is from product kernel.
Change-Id: Ia5089be4a803861b66eb17d4463efe860e17914d
Signed-off-by: Jin-young Jeon <jy0.jeon@samsung.com>
Signed-off-by: Inki Dae <inki.dae@samsung.com>
Inki Dae [Thu, 6 Jul 2017 01:24:35 +0000 (10:24 +0900)]
ARM64: tizen_tw2_defconfig: disble VIDEO_EXYNOS_SCALER
This patch disbles V4L2 based scaler driver.
We use DRM based IPP driver so this configuraion should be disabled.
Change-Id: If1544d8b4db9225f26db51c2c9a1c3940b36be5e
Signed-off-by: Inki Dae <inki.dae@samsung.com>
Inki Dae [Tue, 4 Jul 2017 01:41:39 +0000 (10:41 +0900)]
ARM64: tizen_tw2_defconfig: enable post processing driver
This patch enables post processing driver for TGM module.
Change-Id: Iff25cbe6383231d81b2b44b3773769300103e087
Signed-off-by: Inki Dae <inki.dae@samsung.com>
Inki Dae [Tue, 4 Jul 2017 01:38:18 +0000 (10:38 +0900)]
drm/tgm: code sync with product kernel
This patch synchronizes tgm driver with latest product kernel.
Almost patches have been merged based on original patch of product kernel
but there are missing code from beginning so regarding this code,
I have merged it manually.
Change-Id: If699b55a5ad67e7a82e8195376d81ffbebf78535
Signed-off-by: Inki Dae <inki.dae@samsung.com>
Jin-young Jeon [Thu, 29 Jun 2017 10:11:18 +0000 (19:11 +0900)]
drm/tgm: tdm: change completion interface.
Add cmd completion instead of start / stop completion.
This patch is from product kernel.
Change-Id: I09d0e61d307d619db1ebb61b8e4242edff4a4259
Signed-off-by: Jin-young Jeon <jy0.jeon@samsung.com>
Signed-off-by: Inki Dae <inki.dae@samsung.com>
Jin-young Jeon [Tue, 20 Jun 2017 06:12:46 +0000 (15:12 +0900)]
drm/tgm: tdm: add ttrace log to check vsync
This patch is from product kernel.
Change-Id: I46d68956d4cbf196379a3f6037189712248694dd
Signed-off-by: Jin-young Jeon <jy0.jeon@samsung.com>
Signed-off-by: Inki Dae <inki.dae@samsung.com>
Jin-young Jeon [Thu, 8 Jun 2017 04:16:07 +0000 (13:16 +0900)]
drm/tgm: tdm/pp: add fence mechanism on TDM PP.
This patch is from product kernel.
Change-Id: Iae386e3a0a1984d9dec157153a280ac5886ba5e0
Signed-off-by: Jin-young Jeon <jy0.jeon@samsung.com>
Signed-off-by: Inki Dae <inki.dae@samsung.com>
Jin-young Jeon [Thu, 8 Jun 2017 02:05:25 +0000 (11:05 +0900)]
drm/tgm: tbm: add get dma_buf interface.
This patch is from product kernel.
Change-Id: Id6c8221c75b2bd715968df8fdd49d4b86f26a599
Signed-off-by: Jin-young Jeon <jy0.jeon@samsung.com>
Signed-off-by: Inki Dae <inki.dae@samsung.com>
jonggab.park [Fri, 28 Apr 2017 08:13:56 +0000 (17:13 +0900)]
drm/tdm: implement msc driver to support PP.
MSC driver is included. This patch is from product kernel.
Change-Id: Ibe08ff732fb4e5cc9718b59254cd52f8716bad5b
Signed-off-by: Jin-young Jeon <jy0.jeon@samsung.com>
Signed-off-by: Inki Dae <inki.dae@samsung.com>
jonggab.park [Fri, 28 Apr 2017 08:02:34 +0000 (17:02 +0900)]
drm/tdm: implement PP interface.
PP interface is included. This patch is from product kernel.
Change-Id: I44d06ab017e2023440010ad64a4265e24954f0c2
Signed-off-by: Jin-young Jeon <jy0.jeon@samsung.com>
Signed-off-by: Inki Dae <inki.dae@samsung.com>
jonggab.park [Fri, 28 Apr 2017 05:24:45 +0000 (14:24 +0900)]
drm/tbm: add get/put dma address interface.
DMA address interface set for pp driver.
This patch is from product kernel.
Change-Id: I41ad97483fdd7f0e3c17fc216d04d47edca2f8b1
Signed-off-by: Jin-young Jeon <jy0.jeon@samsung.com>
Signed-off-by: Inki Dae <inki.dae@samsung.com>
projects / profile / wearable / platform / kernel / linux-3.18-exynos7270.git / log