sdk/emulator/emulator-kernel.git
9 years agopermission: remove useless execute permission 25/32425/1
Sooyoung Ha [Thu, 18 Dec 2014 06:12:26 +0000 (15:12 +0900)]
permission: remove useless execute permission

Change-Id: I0e44e362f0cbfd16b788613be637954b21111da7
Signed-off-by: Sooyoung Ha <yoosah.ha@samsung.com>
9 years agohwkey: added virtqueue_add_inbuf before virtqueue_kick 23/32223/1
sungmin ha [Tue, 16 Dec 2014 06:21:14 +0000 (15:21 +0900)]
hwkey: added virtqueue_add_inbuf before virtqueue_kick

Change-Id: Icf632a24426b6fb51cf77d59cea07e4bc6e73b23
Signed-off-by: sungmin ha <sungmin82.ha@samsung.com>
9 years agobrillcodec: add ioctl/mmio command for profile module. 42/31342/1
gunsoo83.kim [Thu, 4 Dec 2014 07:27:39 +0000 (16:27 +0900)]
brillcodec: add ioctl/mmio command for profile module.

- To check the profile status, add ioctl/mmio command
  in brillcodec driver.

Change-Id: Ia03f1b65f16ad8240214f267bf5839202f36ded3
Signed-off-by: gunsoo83.kim <gunsoo83.kim@samsung.com>
9 years agobrillcodec: introduce new feature MEMORY_MONOPOLIZING 85/31085/1
SeokYeon Hwang [Sun, 14 Sep 2014 10:01:14 +0000 (19:01 +0900)]
brillcodec: introduce new feature MEMORY_MONOPOLIZING

Change-Id: I9a35dce462efee60149ee5b168d3f2ba4c65ffff
Signed-off-by: SeokYeon Hwang <syeon.hwang@samsung.com>
9 years agobrillcodec: re-arrange device command 84/31084/1
SeokYeon Hwang [Sat, 13 Sep 2014 04:38:10 +0000 (13:38 +0900)]
brillcodec: re-arrange device command

Re-arrange device command.
Apply strict version checking.

Change-Id: Ia473254cef42b077662922a151314dbf51c6def4
Signed-off-by: SeokYeon Hwang <syeon.hwang@samsung.com>
9 years agobrillcodec: introduce brillcodec version 3 83/31083/1
SeokYeon Hwang [Fri, 12 Sep 2014 08:33:56 +0000 (17:33 +0900)]
brillcodec: introduce brillcodec version 3

Change-Id: Ie08b8b4ee8094ce20b9f80f52c72aadcd4f34df5
Signed-off-by: SeokYeon Hwang <syeon.hwang@samsung.com>
10 years agobuild: package version up (2.0.7) 18/30518/1
Alice Liu [Wed, 19 Nov 2014 09:31:55 +0000 (17:31 +0800)]
build: package version up (2.0.7)

Change-Id: Ia66a12033af5e3a3b3290da710be1b834f07945b
Signed-off-by: Alice Liu <alice.liu@intel.com>
10 years agoconfig: turn CAN on 14/30514/1
Alice Liu [Wed, 19 Nov 2014 08:53:02 +0000 (16:53 +0800)]
config: turn CAN on

Change-Id: I28779b1f4a0bfcb0154126a703eed81116045afe
Signed-off-by: Alice Liu <alice.liu@intel.com>
10 years agobuild: package version up (2.0.6) 82/30082/4
Alice Liu [Mon, 10 Nov 2014 06:31:35 +0000 (14:31 +0800)]
build: package version up (2.0.6)

Change-Id: I0d5f488c2be7488b2d09b4afa015251d436cd772
Signed-off-by: Alice Liu <alice.liu@intel.com>
Signed-off-by: Jinhyung Jo <jinhyung.jo@samsung.com>
10 years agoMerge "v4l2-core: Modified error code" into tizen_next
SeokYeon Hwang [Mon, 10 Nov 2014 06:51:26 +0000 (22:51 -0800)]
Merge "v4l2-core: Modified error code" into tizen_next

10 years agobuild: package version up (2.0.5) 81/30081/1
Alice Liu [Fri, 7 Nov 2014 06:14:14 +0000 (14:14 +0800)]
build: package version up (2.0.5)

Change-Id: I76a8d2c8eb6fcdeb0c7cd7f13c6188f4ae1a9aeb
Signed-off-by: Alice Liu <alice.liu@intel.com>
(cherry picked from commit 544d87c449e77c5dadc8a4b7fc99f95880662917)

10 years agov4l2-core: Modified error code 79/30079/1
jinhyung.jo [Mon, 23 Jun 2014 07:34:18 +0000 (16:34 +0900)]
v4l2-core: Modified error code

The gst-plugins-good0.10 does not handle this error code(ENODATA).
Thus, using the error code(ENOTTY), it can handle.
Temporary patch, until gst-plugins-good is updated.

Change-Id: I95d6f01c1051e0f98f7ae1bbc1d386a04817bf65
Signed-off-by: Jinhyung Jo <jinhyung.jo@samsung.com>
10 years agoconfig: turn SMP on 37/29637/1
SeokYeon Hwang [Fri, 31 Oct 2014 03:17:45 +0000 (12:17 +0900)]
config: turn SMP on

Change-Id: I8ef7fa05bb21204ab57980d2e36455e6553574fc
Signed-off-by: SeokYeon Hwang <syeon.hwang@samsung.com>
10 years agoMerge "Revert "uname: Add Emulator specific name"" into tizen tizen_3.0.2014.q4_common tizen_3.0.2015.q1_common tizen_3.0.2015.q2_common tizen_3.0.m1_mobile tizen_3.0.m1_tv accepted/tizen/common/20141029.134526 submit/tizen_common/20141029.133645 submit/tizen_common/20151229.142028 submit/tizen_common/20151229.144031 submit/tizen_common/20151229.154718 submit/tizen_mobile/20141120.000000 tizen_3.0.m1_mobile_release tizen_3.0.m1_tv_release tizen_3.0.m2.a1_mobile_release tizen_3.0.m2.a1_tv_release
SeokYeon Hwang [Wed, 29 Oct 2014 11:47:47 +0000 (04:47 -0700)]
Merge "Revert "uname: Add Emulator specific name"" into tizen

10 years agoconfig: enable CONFIG_FHANDLE 23/29523/2
SeokYeon Hwang [Wed, 29 Oct 2014 04:56:55 +0000 (13:56 +0900)]
config: enable CONFIG_FHANDLE

Enable CONFIG_FHANDLE for systemd >= 209.

Change-Id: I4f17ab5b6dc0d203812aad11d1dbf4e8bf50fb98
Signed-off-by: SeokYeon Hwang <syeon.hwang@samsung.com>
10 years agoremove IVI specific config file 21/29521/1
SeokYeon Hwang [Wed, 29 Oct 2014 04:49:17 +0000 (13:49 +0900)]
remove IVI specific config file

remove IVI specific config file and build script. It is not necessary anymore.

Change-Id: Ie477812d7b703a0fd7a0474c1b8f3a090f65793d
Signed-off-by: SeokYeon Hwang <syeon.hwang@samsung.com>
10 years agoRevert "uname: Add Emulator specific name" 33/29333/1
Maciej Wereski [Fri, 24 Oct 2014 09:21:16 +0000 (11:21 +0200)]
Revert "uname: Add Emulator specific name"

This commit breaks userspace. systemd > 210 is unable to start, it also
causes problems with RPM.

Bug-Tizen: TC-1908

This reverts commit 3cbb49dcb48458572169d94bf7ec6015ed748f1b.

Change-Id: I46eba1846884f42503874921815eb5fac470fbce
Signed-off-by: Maciej Wereski <m.wereski@partner.samsung.com>
10 years agosensor: added pressure, ultraviolet, and hrm sensor 45/28745/4 tizen_linux_3.12
Jinhyung Choi [Wed, 15 Oct 2014 09:57:10 +0000 (18:57 +0900)]
sensor: added pressure, ultraviolet, and hrm sensor

- modified and converted the value (sync with sensor fw)

Change-Id: I087418ae5c756042489d558d32b92baef6492e6a
Signed-off-by: Jinhyung Choi <jinhyung2.choi@samsung.com>
10 years agoperf tools: define _DEFAULT_SOURCE for glibc_2.20 47/28447/1 accepted/tizen/common/20141008.083157 submit/tizen/20141008.044841
Chanho Park [Fri, 12 Sep 2014 02:03:01 +0000 (11:03 +0900)]
perf tools: define _DEFAULT_SOURCE for glibc_2.20

_BSD_SOURCE was deprecated in favour of _DEFAULT_SOURCE since glibc
2.20[1]. To avoid build warning on glibc2.20, _DEFAULT_SOURCE should
also be defined.

[1]: https://sourceware.org/glibc/wiki/Release/2.20

Change-Id: If79141944eab78f0fa6a747a4cf1c9109d59485e
Signed-off-by: Chanho Park <chanho61.park@samsung.com>
10 years agopackaging: makes repo / tarball name matching and other config fixes 87/28287/1 sandbox/pcoval/tizen accepted/tizen/common/20141006.135521 submit/tizen_common/20141006.122133
Philippe Coval [Tue, 30 Sep 2014 13:34:42 +0000 (15:34 +0200)]
packaging: makes repo / tarball name matching and other config fixes

Change-Id: I99ec485c8cf4cb7c3f8f460a730dc3f8d42d9559
Bug-Tizen: TC-5/part
Signed-off-by: Philippe Coval <philippe.coval@open.eurogiciel.org>
10 years agopackaging: workaround missing v3.12.18 tag from upstream git 51/27151/4
Philippe Coval [Fri, 5 Sep 2014 09:09:23 +0000 (11:09 +0200)]
packaging: workaround missing v3.12.18 tag from upstream git

The right way to fix it maintainer side is :

   git remote add upstream https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable
   git fetch --tags
   git push --tags origin

Change-Id: I0443946e85fc43d474afe4f8f48c87f571becacb
Bug-Tizen: TC-5/part
Signed-off-by: Philippe Coval <philippe.coval@open.eurogiciel.org>
10 years agoMerge "VIGS: Remove rotation definitions" into tizen
SeokYeon Hwang [Mon, 15 Sep 2014 04:50:59 +0000 (21:50 -0700)]
Merge "VIGS: Remove rotation definitions" into tizen

10 years agoVIGS: Remove rotation definitions 59/27359/1
Vasiliy Ulyanov [Thu, 11 Sep 2014 13:17:35 +0000 (17:17 +0400)]
VIGS: Remove rotation definitions

Change-Id: I1f2b1044eef71954fe678cf037837e3d9d615f8e
Signed-off-by: Vasiliy Ulyanov <v.ulyanov@samsung.com>
10 years agopackaging: build only for emulator supported target 61/27161/3
Philippe Coval [Fri, 5 Sep 2014 09:55:44 +0000 (11:55 +0200)]
packaging: build only for emulator supported target

At the moment only ia32 emulator is supported.
It may be expanded to other targets later if supported

Change-Id: If75035c02606b5ea1cf71eeea1c3c8de7084cb90
Bug-Tizen: TC-5/part
Signed-off-by: Philippe Coval <philippe.coval@open.eurogiciel.org>
10 years agoMerge "package: Prevent marking "+" at kernel version." into tizen submit/tizen_common/20140905.094502
Sangho Park [Fri, 5 Sep 2014 00:50:39 +0000 (17:50 -0700)]
Merge "package: Prevent marking "+" at kernel version." into tizen

10 years agoMerge "Smack: Fix setting label on successful file open" into tizen
Sangho Park [Thu, 4 Sep 2014 12:29:28 +0000 (05:29 -0700)]
Merge "Smack: Fix setting label on successful file open" into tizen

10 years agoMerge "packaging: Initial packaging on 3.12.18 for Tizen" into tizen
Sangho Park [Thu, 4 Sep 2014 12:27:52 +0000 (05:27 -0700)]
Merge "packaging: Initial packaging on 3.12.18 for Tizen" into tizen

10 years agopackage: Prevent marking "+" at kernel version. 63/27063/2
SeokYeon Hwang [Thu, 4 Sep 2014 02:08:40 +0000 (11:08 +0900)]
package: Prevent marking "+" at kernel version.

Prevent marking "+" at kernel version.
Version up 2.0.4.

Change-Id: I21f1d0da59007e343533b43ea48fbefc689ad540
Signed-off-by: SeokYeon Hwang <syeon.hwang@samsung.com>
10 years agopackaging: Initial packaging on 3.12.18 for Tizen 77/26877/1
Philippe Coval [Fri, 29 Aug 2014 16:46:21 +0000 (18:46 +0200)]
packaging: Initial packaging on 3.12.18 for Tizen

kernel-emulator.spec file is based on current version of kernel-common

.gbs.conf uses tags from upstream

Change-Id: I7cf72591d5acfb68b9a7127b577dbad5c02f3813
Bug-Tizen: TC-5/part
Signed-off-by: Philippe Coval <philippe.coval@open.eurogiciel.org>
10 years agopackage: version up 95/26695/1
jinhyung.jo [Thu, 28 Aug 2014 01:13:25 +0000 (10:13 +0900)]
package: version up

up to 2.0.3

Change-Id: I856f8c95254491106ed40cc0a2969ce67f7b9fb4
Signed-off-by: Jinhyung Jo <jinhyung.jo@samsung.com>
10 years agoMerge changes Ic127028b,I00f81cd8 into tizen
SeokYeon Hwang [Tue, 26 Aug 2014 11:34:31 +0000 (04:34 -0700)]
Merge changes Ic127028b,I00f81cd8 into tizen

* changes:
  VIGS: Implement plane flip/rotate
  VIGS: fix DPMS deadlock

10 years agoMerge changes If3e687d6,Ic16f1bd8 into tizen
SeokYeon Hwang [Tue, 26 Aug 2014 11:34:08 +0000 (04:34 -0700)]
Merge changes If3e687d6,Ic16f1bd8 into tizen

* changes:
  VIGS: Support YUV420 planar format
  VIGS: Support DP memory and planar pixel formats

10 years agoSmack: Fix setting label on successful file open 51/26551/1
Marcin Niesluchowski [Tue, 19 Aug 2014 12:26:32 +0000 (14:26 +0200)]
Smack: Fix setting label on successful file open

While opening with CAP_MAC_OVERRIDE file label is not set.
Other calls may access it after CAP_MAC_OVERRIDE is dropped from process.

Change-Id: I1d9cdeb325c397dfb0b97e60eb7b2842c1819d99
Signed-off-by: Marcin Niesluchowski <m.niesluchow@samsung.com>
10 years agoVIGS: Implement plane flip/rotate 16/26416/1
Stanislav Vorobiov [Fri, 22 Aug 2014 06:53:21 +0000 (10:53 +0400)]
VIGS: Implement plane flip/rotate

Planes can now be horizontally/vertically flipped
and rotated by 90, 180 or 270 degrees

Change-Id: Ic127028b25fcb4f83ef4edb488c49c2da71cf8ec
Signed-off-by: Stanislav Vorobiov <s.vorobiov@samsung.com>
10 years agoVIGS: Support YUV420 planar format 49/26349/1
Stanislav Vorobiov [Fri, 4 Jul 2014 13:31:29 +0000 (17:31 +0400)]
VIGS: Support YUV420 planar format

Change-Id: If3e687d6e8a53fe0ab551475c90851b4e60ebf79
Signed-off-by: Stanislav Vorobiov <s.vorobiov@samsung.com>
10 years agoVIGS: fix DPMS deadlock 50/26350/1
Stanislav Vorobiov [Tue, 5 Aug 2014 10:16:32 +0000 (14:16 +0400)]
VIGS: fix DPMS deadlock

fb call chain callback might issue FB_BLANK event
itself, this leads to DPMS call in DRM. If fb call
chain walk is initiated from DPMS then this leads to
deadlock

Change-Id: I00f81cd8f81ea783f740f11767f65e4c01097989
Signed-off-by: Stanislav Vorobiov <s.vorobiov@samsung.com>
10 years agoVIGS: Support DP memory and planar pixel formats 48/26348/1
Stanislav Vorobiov [Wed, 11 Jun 2014 15:25:52 +0000 (19:25 +0400)]
VIGS: Support DP memory and planar pixel formats

DP memory is used by some of the tizen
gstreamer plugins, TBM and X.Org video driver.
Its main purpose is to share GEM buffers between
media decoding and presentation layers

Planar pixel formats such as NV21 need to be
supported in order to be able to play video right
from decoder's output buffer, i.e. without
converting it to RGB

Change-Id: Ic16f1bd8b53e73b8ca0d3a5a3a52442f3c04770c
Signed-off-by: Stanislav Vorobiov <s.vorobiov@samsung.com>
10 years agobrillcodec: add new command for reducing I/O 63/26163/2
SeokYeon Hwang [Wed, 13 Aug 2014 04:31:07 +0000 (13:31 +0900)]
brillcodec: add new command for reducing I/O

Add command CODEC_DECODE_VIDEO2.
Clean-up source.

Change-Id: I37f8a6b3c08021e3db4a4f020b663c3f89ad8edf
Signed-off-by: SeokYeon Hwang <syeon.hwang@samsung.com>
10 years agopackage: version up 02/24402/2
Munkyu Im [Fri, 11 Jul 2014 11:57:26 +0000 (20:57 +0900)]
package: version up

Change-Id: Iffa790f15e45521b19a77f1a45d1562fd2e1dff8
Signed-off-by: Munkyu Im <munkyu.im@samsung.com>
10 years agouname: Add Emulator specific name 01/24401/3
Munkyu Im [Fri, 11 Jul 2014 11:56:55 +0000 (20:56 +0900)]
uname: Add Emulator specific name

To distinguish between real device and emulator,
add "_emulated" postfix into machine hardware name.

Change-Id: I0a801a127d0fb62314d6d30cac03febfd6d49801
Signed-off-by: Munkyu Im <munkyu.im@samsung.com>
10 years agosensor: added rotation vector sensor driver 56/23956/3
Jinhyung Choi [Mon, 7 Jul 2014 04:58:00 +0000 (13:58 +0900)]
sensor: added rotation vector sensor driver

also added error handling of sensor init when one of sensors' init is failed.

Change-Id: I1fcaa4c454da8270c07c035789ace91225f2993b
Signed-off-by: Jinhyung Choi <jinhyung2.choi@samsung.com>
10 years agodebug: changed the way to print debug message 05/23905/2
Jinhyung Choi [Fri, 4 Jul 2014 07:31:47 +0000 (16:31 +0900)]
debug: changed the way to print debug message

To enable debug message,
use 'echo 1 > /sys/module/maru_virtio_sensor/parameters/sensor_driver_debug'

Change-Id: I6c4b783b83563ea89c28161bed67af6e8dccb8c6
Signed-off-by: Jinhyung Choi <jinhyung2.choi@samsung.com>
10 years agoMerge "build: package version up (2.0.1)" into tizen
SeokYeon Hwang [Tue, 24 Jun 2014 04:46:07 +0000 (21:46 -0700)]
Merge "build: package version up (2.0.1)" into tizen

10 years agoMerge "sensors: device name changed to maru_sensor_[sensor_name]_1" into tizen
SeokYeon Hwang [Tue, 24 Jun 2014 04:44:46 +0000 (21:44 -0700)]
Merge "sensors: device name changed to maru_sensor_[sensor_name]_1" into tizen

10 years agoMerge "sensor: haptic device is added." into tizen
SeokYeon Hwang [Tue, 24 Jun 2014 04:43:54 +0000 (21:43 -0700)]
Merge "sensor: haptic device is added." into tizen

10 years agoMerge changes I6ad55d04,I63d57bc6,I42bb66ba,I73e29d98,Iaf0039c2,Ie71e8684,I5459ff41...
SeokYeon Hwang [Mon, 23 Jun 2014 06:29:11 +0000 (23:29 -0700)]
Merge changes I6ad55d04,I63d57bc6,I42bb66ba,I73e29d98,Iaf0039c2,Ie71e8684,I5459ff41,I43d82d48,I8ed75cea,Ib922cfec,I318b7d92,Ie9d53eca,Ibe366a4b,I473b1f61 into tizen

* changes:
  Warning in scanf string typing
  Smack: Verify read access on file open - v3
  Smack: bidirectional UDS connect check
  Smack: Correctly remove SMACK64TRANSMUTE attribute
  SMACK: Fix handling value==NULL in post setxattr
  bugfix patch for SMACK
  Smack: adds smackfs/ptrace interface
  Smack: unify all ptrace accesses in the smack
  Smack: fix the subject/object order in smack_ptrace_traceme()
  Minor improvement of 'smack_sb_kern_mount'
  smack: call WARN_ONCE() instead of calling audit_log_start()
  Smack: File receive audit correction
  Smack: Rationalize mount restrictions
  Smack: change rule cap check

10 years agoMerge "Smack: Prevent the * and @ labels from being used in SMACK64EXEC" into tizen
SeokYeon Hwang [Mon, 23 Jun 2014 06:26:07 +0000 (23:26 -0700)]
Merge "Smack: Prevent the * and @ labels from being used in SMACK64EXEC" into tizen

10 years agoWarning in scanf string typing 72/23272/1
Toralf Förster [Sun, 27 Apr 2014 17:33:34 +0000 (19:33 +0200)]
Warning in scanf string typing

This fixes a warning about the mismatch of types between
the declared unsigned and integer.

Change-Id: I6ad55d04b096092ae557ff0abf4e6bd87faab806
Signed-off-by: Toralf Förster <toralf.foerster@gmx.de>
10 years agoSmack: Verify read access on file open - v3 71/23271/1
Casey Schaufler [Mon, 21 Apr 2014 18:10:26 +0000 (11:10 -0700)]
Smack: Verify read access on file open - v3

Smack believes that many of the operatons that can
be performed on an open file descriptor are read operations.
The fstat and lseek system calls are examples.
An implication of this is that files shouldn't be open
if the task doesn't have read access even if it has
write access and the file is being opened write only.

Targeted for git://git.gitorious.org/smack-next/kernel.git

Change-Id: I63d57bc62cd08fa4e1f128b544e7ed7316456e4c
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
10 years agoSmack: bidirectional UDS connect check 70/23270/1
Casey Schaufler [Thu, 10 Apr 2014 23:37:08 +0000 (16:37 -0700)]
Smack: bidirectional UDS connect check

Smack IPC policy requires that the sender have write access
to the receiver. UDS streams don't do per-packet checks. The
only check is done at connect time. The existing code checks
if the connecting process can write to the other, but not the
other way around. This change adds a check that the other end
can write to the connecting process.

Targeted for git://git.gitorious.org/smack-next/kernel.git

Change-Id: I42bb66ba2f73c8e604bee85002fc9e419337732c
Signed-off-by: Casey Schuafler <casey@schaufler-ca.com>
10 years agoSmack: Correctly remove SMACK64TRANSMUTE attribute 69/23269/1
Casey Schaufler [Thu, 10 Apr 2014 23:35:36 +0000 (16:35 -0700)]
Smack: Correctly remove SMACK64TRANSMUTE attribute

Sam Henderson points out that removing the SMACK64TRANSMUTE
attribute from a directory does not result in the directory
transmuting. This is because the inode flag indicating that
the directory is transmuting isn't cleared. The fix is a tad
less than trivial because smk_task and smk_mmap should have
been broken out, too.

Targeted for git://git.gitorious.org/smack-next/kernel.git

Change-Id: I73e29d988fd5ca7502aeab01e340189420a95c75
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
10 years agoSMACK: Fix handling value==NULL in post setxattr 68/23268/1
José Bollo [Thu, 3 Apr 2014 11:48:41 +0000 (13:48 +0200)]
SMACK: Fix handling value==NULL in post setxattr

The function `smack_inode_post_setxattr` is called each
time that a setxattr is done, for any value of name.
The kernel allow to put value==NULL when size==0
to set an empty attribute value. The systematic
call to smk_import_entry was causing the dereference
of a NULL pointer hence a KERNEL PANIC!

The problem can be produced easily by issuing the
command `setfattr -n user.data file` under bash prompt
when SMACK is active.

Moving the call to smk_import_entry as proposed by this
patch is correcting the behaviour because the function
smack_inode_post_setxattr is called for the SMACK's
attributes only if the function smack_inode_setxattr validated
the value and its size (what will not be the case when size==0).

It also has a benefical effect to not fill the smack hash
with garbage values coming from any extended attribute
write.

Change-Id: Iaf0039c2be9bccb6cee11c24a3b44d209101fe47
Signed-off-by: José Bollo <jose.bollo@open.eurogiciel.org>
10 years agobugfix patch for SMACK 67/23267/1
Pankaj Kumar [Fri, 13 Dec 2013 09:42:22 +0000 (15:12 +0530)]
bugfix patch for SMACK

1. In order to remove any SMACK extended attribute from a file, a user
should have CAP_MAC_ADMIN capability. But user without having this
capability is able to remove SMACK64MMAP security attribute.

2. While validating size and value of smack extended attribute in
smack_inode_setsecurity hook, wrong error code is returned.

Change-Id: Ie71e86840f47b6810aaf4ff9a577cdea8274925b
Signed-off-by: Pankaj Kumar <pamkaj.k2@samsung.com>
Signed-off-by: Himanshu Shukla <himanshu.sh@samsung.com>
10 years agoSmack: adds smackfs/ptrace interface 66/23266/1
Lukasz Pawelczyk [Tue, 11 Mar 2014 16:07:06 +0000 (17:07 +0100)]
Smack: adds smackfs/ptrace interface

This allows to limit ptrace beyond the regular smack access rules.
It adds a smackfs/ptrace interface that allows smack to be configured
to require equal smack labels for PTRACE_MODE_ATTACH access.
See the changes in Documentation/security/Smack.txt below for details.

Change-Id: I5459ff414e96dde0430ed8febd92c361c9dc1d81
Signed-off-by: Lukasz Pawelczyk <l.pawelczyk@partner.samsung.com>
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
10 years agoSmack: unify all ptrace accesses in the smack 65/23265/1
Lukasz Pawelczyk [Tue, 11 Mar 2014 16:07:05 +0000 (17:07 +0100)]
Smack: unify all ptrace accesses in the smack

The decision whether we can trace a process is made in the following
functions:
smack_ptrace_traceme()
smack_ptrace_access_check()
smack_bprm_set_creds() (in case the proces is traced)

This patch unifies all those decisions by introducing one function that
checks whether ptrace is allowed: smk_ptrace_rule_check().

This makes possible to actually trace with TRACEME where first the
TRACEME itself must be allowed and then exec() on a traced process.

Additional bugs fixed:
- The decision is made according to the mode parameter that is now correctly
  translated from PTRACE_MODE_* to MAY_* instead of being treated 1:1.
  PTRACE_MODE_READ requires MAY_READ.
  PTRACE_MODE_ATTACH requires MAY_READWRITE.
- Add a smack audit log in case of exec() refused by bprm_set_creds().
- Honor the PTRACE_MODE_NOAUDIT flag and don't put smack audit info
  in case this flag is set.

Change-Id: I43d82d480f331e8ef90da7c287b1e414d55ff394
Signed-off-by: Lukasz Pawelczyk <l.pawelczyk@partner.samsung.com>
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
10 years agoSmack: fix the subject/object order in smack_ptrace_traceme() 64/23264/1
Lukasz Pawelczyk [Tue, 11 Mar 2014 16:07:04 +0000 (17:07 +0100)]
Smack: fix the subject/object order in smack_ptrace_traceme()

The order of subject/object is currently reversed in
smack_ptrace_traceme(). It is currently checked if the tracee has a
capability to trace tracer and according to this rule a decision is made
whether the tracer will be allowed to trace tracee.

Change-Id: I8ed75ceabe822c70cf9bdccda004139c4c817248
Signed-off-by: Lukasz Pawelczyk <l.pawelczyk@partner.samsung.com>
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
10 years agoMinor improvement of 'smack_sb_kern_mount' 63/23263/1
José Bollo [Wed, 8 Jan 2014 14:53:05 +0000 (15:53 +0100)]
Minor improvement of 'smack_sb_kern_mount'

Fix a possible memory access fault when transmute is true and isp is NULL.

Change-Id: Ib922cfec405067ec5592880c4ae447969ba96633
Signed-off-by: José Bollo <jose.bollo@open.eurogiciel.org>
10 years agosmack: call WARN_ONCE() instead of calling audit_log_start() 62/23262/1
Richard Guy Briggs [Thu, 21 Nov 2013 18:57:33 +0000 (13:57 -0500)]
smack: call WARN_ONCE() instead of calling audit_log_start()

Remove the call to audit_log() (which call audit_log_start()) and deal with
the errors in the caller, logging only once if the condition is met.  Calling
audit_log_start() in this location makes buffer allocation and locking more
complicated in the calling tree (audit_filter_user()).

Change-Id: I318b7d926a10e9d63dfe170450345799788c6f12
Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
10 years agoSmack: File receive audit correction 61/23261/1
Casey Schaufler [Tue, 31 Dec 2013 01:37:45 +0000 (17:37 -0800)]
Smack: File receive audit correction

Eric Paris politely points out:

    Inside smack_file_receive() it seems like you are initting the audit
    field with LSM_AUDIT_DATA_TASK.  And then use
    smk_ad_setfield_u_fs_path().

    Seems like LSM_AUDIT_DATA_PATH would make more sense.  (and depending
    on how it's used fix a crash...)

He is correct. This puts things in order.

Targeted for git://git.gitorious.org/smack-next/kernel.git

Change-Id: Ie9d53ecac34d6332658c74739596ae7056574bad
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
10 years agoSmack: Rationalize mount restrictions 60/23260/1
Casey Schaufler [Mon, 30 Dec 2013 17:38:00 +0000 (09:38 -0800)]
Smack: Rationalize mount restrictions

The mount restrictions imposed by Smack rely heavily on the
use of the filesystem "floor", which is the label that all
processes writing to the filesystem must have access to. It
turns out that while the "floor" notion is sound, it has yet
to be fully implemented and has never been used.

The sb_mount and sb_umount hooks only make sense if the
filesystem floor is used actively, and it isn't. They can
be reintroduced if a rational restriction comes up. Until
then, they get removed.

The sb_kern_mount hook is required for the option processing.
It is too permissive in the case of unprivileged mounts,
effectively bypassing the CAP_MAC_ADMIN restrictions if
any of the smack options are specified. Unprivileged mounts
are no longer allowed to set Smack filesystem options.
Additionally, the root and default values are set to the
label of the caller, in keeping with the policy that objects
get the label of their creator.

Targeted for git://git.gitorious.org/smack-next/kernel.git

Change-Id: Ibe366a4b0d1827d271de8700446e3fa8d7e0b8df
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
10 years agoSmack: change rule cap check 59/23259/1
Casey Schaufler [Thu, 19 Dec 2013 21:23:26 +0000 (13:23 -0800)]
Smack: change rule cap check

smk_write_change_rule() is calling capable rather than
the more correct smack_privileged(). This allows for setting
rules in violation of the onlycap facility. This is the
simple repair.

Targeted for git://git.gitorious.org/smack-next/kernel.git

Change-Id: I473b1f610e0bc8f349babfac440b77e26fb1f073
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
10 years agoSmack: Prevent the * and @ labels from being used in SMACK64EXEC 58/23258/1
Casey Schaufler [Tue, 17 Dec 2013 00:27:26 +0000 (16:27 -0800)]
Smack: Prevent the * and @ labels from being used in SMACK64EXEC

Smack prohibits processes from using the star ("*") and web ("@") labels
because we don't want files with those labels getting created implicitly.
All setting of those labels should be done explicitly. The trouble is that
there is no check for these labels in the processing of SMACK64EXEC. That
is repaired.

Targeted for git://git.gitorious.org/smack-next/kernel.git

Change-Id: Ie95848da70efd6f5a5b7081a4bf943891396e748
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
10 years agobuild: package version up (2.0.1) 17/23217/1
Jinhyung Choi [Fri, 20 Jun 2014 05:25:31 +0000 (14:25 +0900)]
build: package version up (2.0.1)

Change-Id: I9ea7ba4297541cf1d9e59afc4a8c31e8a2e1cbfe
Signed-off-by: Jinhyung Choi <jinhyung2.choi@samsung.com>
10 years agosensors: device name changed to maru_sensor_[sensor_name]_1 16/23216/1
Jinhyung Choi [Fri, 20 Jun 2014 03:37:28 +0000 (12:37 +0900)]
sensors: device name changed to maru_sensor_[sensor_name]_1

Change-Id: I845d1bb1ae551ad1cea8640e372acbdbe5b4919c
Signed-off-by: Jinhyung Choi <jinhyung2.choi@samsung.com>
10 years agosensor: haptic device is added. 15/23215/1
Jinhyung Choi [Wed, 18 Jun 2014 08:05:19 +0000 (17:05 +0900)]
sensor: haptic device is added.

Change-Id: Ib91965250546c302afab31969a8ff3ccc3fab4c6
Signed-off-by: Jinhyung Choi <jinhyung2.choi@samsung.com>
10 years agosensors: created virtual device for accel, gyro, geo, light, and proxi 14/23214/1
Jinhyung Choi [Mon, 16 Jun 2014 01:37:27 +0000 (10:37 +0900)]
sensors: created virtual device for accel, gyro, geo, light, and proxi

Change-Id: I554643e382212dcb06ef82e8b7cc00424b321e42
Signed-off-by: Jinhyung Choi <jinhyung2.choi@samsung.com>
10 years agoevdi: added guest emuld connection message to qemu 13/23213/1
Jinhyung Choi [Mon, 16 Jun 2014 01:36:24 +0000 (10:36 +0900)]
evdi: added guest emuld connection message to qemu

Change-Id: I045e87cca57859c72e15a806463fe9726b42f72a
Signed-off-by: Jinhyung Choi <jinhyung2.choi@samsung.com>
10 years agojacks & power: changed max buf size to 512 12/23212/1
Jinhyung Choi [Mon, 16 Jun 2014 01:34:47 +0000 (10:34 +0900)]
jacks & power: changed max buf size to 512

Change-Id: I02fd40b37f6d295e546122e8f18ca1c1ddb7d5fc
Signed-off-by: Jinhyung Choi <jinhyung2.choi@samsung.com>
10 years agovmodem: make a vmodem device driver using virtio. 65/23065/2
Sooyoung Ha [Mon, 16 Jun 2014 11:19:51 +0000 (20:19 +0900)]
vmodem: make a vmodem device driver using virtio.

Change-Id: I792569d5718e72ff25410b13fc3b03c3631b3bff
Signed-off-by: Sooyoung Ha <yoosah.ha@samsung.com>
10 years agomaru-overlay: remove device 10/22910/1
jinhyung.jo [Wed, 11 Jun 2014 06:14:24 +0000 (15:14 +0900)]
maru-overlay: remove device

Since VIGS supports the planes,
the maru overlay is unnecessary

Change-Id: I0bfd0120eb64684d144b0c82bf845c56af668048
Signed-off-by: Jinhyung Jo <jinhyung.jo@samsung.com>
10 years agopackage: major version up to 2.0.0
SeokYeon Hwang [Tue, 10 Jun 2014 05:19:05 +0000 (14:19 +0900)]
package: major version up to 2.0.0

Signed-off-by: SeokYeon Hwang <syeon.hwang@samsung.com>
10 years agoconfig: disable seccomp 48/22448/1
Stanislav Vorobiov [Wed, 4 Jun 2014 07:33:19 +0000 (11:33 +0400)]
config: disable seccomp

seccomp is currently causing problems with
xwalk/chromium, GPU process is crashing because
it accesses files/devices not whitelisted in sandbox.
Currently both Tizen IVI device kernel and Tizen Mobile
kernel have this disabled in their configs, so we
should do this too

Change-Id: Ie50e1c4b00fea42f20b7749ab7ad496a715ab846
Signed-off-by: Stanislav Vorobiov <s.vorobiov@samsung.com>
10 years agonfc: Support old protocol 72/20872/1 features/smp
Munkyu Im [Tue, 13 May 2014 10:08:56 +0000 (19:08 +0900)]
nfc: Support old protocol

Change nfc packet size

Change-Id: I0af5d7699434f2ac94e28dfb26eb3fb673f9b00a
Signed-off-by: Munkyu Im <munkyu.im@samsung.com>
10 years agopackage: version up 32/20832/1
Kitae Kim [Tue, 13 May 2014 06:14:16 +0000 (15:14 +0900)]
package: version up

1.4.36

Change-Id: I84892ed263ef33cf95132c770e17a470bc3a38bf
Signed-off-by: Kitae Kim <kt920.kim@samsung.com>
10 years agoMerge branch 'tizen_linux_3.12' into tizen_linux_3.12
SeokYeon Hwang [Tue, 13 May 2014 02:35:05 +0000 (11:35 +0900)]
Merge branch 'tizen_linux_3.12' into tizen_linux_3.12

Change-Id: I13bba253a3677ca51a9d15c0f3e31f57aba70270

10 years agopackage: add dibs build script 67/20567/3
Kitae Kim [Fri, 9 May 2014 08:56:58 +0000 (17:56 +0900)]
package: add dibs build script

Change-Id: If1a0bcd4c1a91e6a74415e04f2505509eceed565
Signed-off-by: Kitae Kim <kt920.kim@samsung.com>
10 years agoMerge branch 'linux-3.12.y' into tizen_linux_3.12
SeokYeon Hwang [Wed, 7 May 2014 06:36:57 +0000 (15:36 +0900)]
Merge branch 'linux-3.12.y' into tizen_linux_3.12

10 years agoLinux 3.12.18
Jiri Slaby [Fri, 18 Apr 2014 09:14:28 +0000 (11:14 +0200)]
Linux 3.12.18

10 years agocrypto: ghash-clmulni-intel - use C implementation for setkey()
Ard Biesheuvel [Thu, 27 Mar 2014 17:14:40 +0000 (18:14 +0100)]
crypto: ghash-clmulni-intel - use C implementation for setkey()

commit 8ceee72808d1ae3fb191284afc2257a2be964725 upstream.

The GHASH setkey() function uses SSE registers but fails to call
kernel_fpu_begin()/kernel_fpu_end(). Instead of adding these calls, and
then having to deal with the restriction that they cannot be called from
interrupt context, move the setkey() implementation to the C domain.

Note that setkey() does not use any particular SSE features and is not
expected to become a performance bottleneck.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Acked-by: H. Peter Anvin <hpa@linux.intel.com>
Fixes: 0e1227d356e9b (crypto: ghash - Add PCLMULQDQ accelerated implementation)
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
10 years agoARC: [nsimosci] Unbork console
Vineet Gupta [Sat, 5 Apr 2014 10:00:22 +0000 (15:30 +0530)]
ARC: [nsimosci] Unbork console

commit 61fb4bfc010b0d2940f7fd87acbce6a0f03217cb upstream.

Despite the switch to right UART driver (prev patch), serial console
still doesn't work due to missing CONFIG_SERIAL_OF_PLATFORM

Also fix the default cmdline in DT to not refer to out-of-tree
ARC framebuffer driver for console.

Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
Cc: Francois Bedard <Francois.Bedard@synopsys.com>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
10 years agoARC: [nsimosci] Change .dts to use generic 8250 UART
Mischa Jonker [Thu, 16 May 2013 17:36:08 +0000 (19:36 +0200)]
ARC: [nsimosci] Change .dts to use generic 8250 UART

commit 6eda477b3c54b8236868c8784e5e042ff14244f0 upstream.

The Synopsys APB DW UART has a couple of special features that are not
in the System C model. In 3.8, the 8250_dw driver didn't really use these
features, but from 3.9 onwards, the 8250_dw driver has become incompatible
with our model.

Signed-off-by: Mischa Jonker <mjonker@synopsys.com>
Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
Cc: Francois Bedard <Francois.Bedard@synopsys.com>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
10 years agords: prevent dereference of a NULL device in rds_iw_laddr_check
Sasha Levin [Sun, 30 Mar 2014 00:39:35 +0000 (20:39 -0400)]
rds: prevent dereference of a NULL device in rds_iw_laddr_check

[ Upstream commit bf39b4247b8799935ea91d90db250ab608a58e50 ]

Binding might result in a NULL device which is later dereferenced
without checking.

Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
10 years agoisdnloop: several buffer overflows
Dan Carpenter [Tue, 8 Apr 2014 09:23:09 +0000 (12:23 +0300)]
isdnloop: several buffer overflows

[ Upstream commit 7563487cbf865284dcd35e9ef5a95380da046737 ]

There are three buffer overflows addressed in this patch.

1) In isdnloop_fake_err() we add an 'E' to a 60 character string and
then copy it into a 60 character buffer.  I have made the destination
buffer 64 characters and I'm changed the sprintf() to a snprintf().

2) In isdnloop_parse_cmd(), p points to a 6 characters into a 60
character buffer so we have 54 characters.  The ->eazlist[] is 11
characters long.  I have modified the code to return if the source
buffer is too long.

3) In isdnloop_command() the cbuf[] array was 60 characters long but the
max length of the string then can be up to 79 characters.  I made the
cbuf array 80 characters long and changed the sprintf() to snprintf().
I also removed the temporary "dial" buffer and changed it to use "p"
directly.

Unfortunately, we pass the "cbuf" string from isdnloop_command() to
isdnloop_writecmd() which truncates anything over 60 characters to make
it fit in card->omsg[].  (It can accept values up to 255 characters so
long as there is a '\n' character every 60 characters).  For now I have
just fixed the memory corruption bug and left the other problems in this
driver alone.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
10 years agoisdnloop: Validate NUL-terminated strings from user.
YOSHIFUJI Hideaki [Wed, 2 Apr 2014 03:48:42 +0000 (12:48 +0900)]
isdnloop: Validate NUL-terminated strings from user.

[ Upstream commit 77bc6bed7121936bb2e019a8c336075f4c8eef62 ]

Return -EINVAL unless all of user-given strings are correctly
NUL-terminated.

Signed-off-by: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
10 years agonet: vxlan: fix crash when interface is created with no group
Mike Rapoport [Tue, 1 Apr 2014 06:23:01 +0000 (09:23 +0300)]
net: vxlan: fix crash when interface is created with no group

[ Upstream commit 5933a7bbb5de66482ea8aa874a7ebaf8e67603c4 ]

If the vxlan interface is created without explicit group definition,
there are corner cases which may cause kernel panic.

For instance, in the following scenario:

node A:
$ ip link add dev vxlan42  address 2c:c2:60:00:10:20 type vxlan id 42
$ ip addr add dev vxlan42 10.0.0.1/24
$ ip link set up dev vxlan42
$ arp -i vxlan42 -s 10.0.0.2 2c:c2:60:00:01:02
$ bridge fdb add dev vxlan42 to 2c:c2:60:00:01:02 dst <IPv4 address>
$ ping 10.0.0.2

node B:
$ ip link add dev vxlan42 address 2c:c2:60:00:01:02 type vxlan id 42
$ ip addr add dev vxlan42 10.0.0.2/24
$ ip link set up dev vxlan42
$ arp -i vxlan42 -s 10.0.0.1 2c:c2:60:00:10:20

node B crashes:

 vxlan42: 2c:c2:60:00:10:20 migrated from 4011:eca4:c0a8:6466:c0a8:6415:8e09:2118 to (invalid address)
 vxlan42: 2c:c2:60:00:10:20 migrated from 4011:eca4:c0a8:6466:c0a8:6415:8e09:2118 to (invalid address)
 BUG: unable to handle kernel NULL pointer dereference at 0000000000000046
 IP: [<ffffffff8143c459>] ip6_route_output+0x58/0x82
 PGD 7bd89067 PUD 7bd4e067 PMD 0
 Oops: 0000 [#1] SMP
 Modules linked in:
 CPU: 1 PID: 0 Comm: swapper/1 Not tainted 3.14.0-rc8-hvx-xen-00019-g97a5221-dirty #154
 Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
 task: ffff88007c774f50 ti: ffff88007c79c000 task.ti: ffff88007c79c000
 RIP: 0010:[<ffffffff8143c459>]  [<ffffffff8143c459>] ip6_route_output+0x58/0x82
 RSP: 0018:ffff88007fd03668  EFLAGS: 00010282
 RAX: 0000000000000000 RBX: ffffffff8186a000 RCX: 0000000000000040
 RDX: 0000000000000000 RSI: ffff88007b0e4a80 RDI: ffff88007fd03754
 RBP: ffff88007fd03688 R08: ffff88007b0e4a80 R09: 0000000000000000
 R10: 0200000a0100000a R11: 0001002200000000 R12: ffff88007fd03740
 R13: ffff88007b0e4a80 R14: ffff88007b0e4a80 R15: ffff88007bba0c50
 FS:  0000000000000000(0000) GS:ffff88007fd00000(0000) knlGS:0000000000000000
 CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
 CR2: 0000000000000046 CR3: 000000007bb60000 CR4: 00000000000006e0
 Stack:
  0000000000000000 ffff88007fd037a0 ffffffff8186a000 ffff88007fd03740
  ffff88007fd036c8 ffffffff814320bb 0000000000006e49 ffff88007b8b7360
  ffff88007bdbf200 ffff88007bcbc000 ffff88007b8b7000 ffff88007b8b7360
 Call Trace:
  <IRQ>
  [<ffffffff814320bb>] ip6_dst_lookup_tail+0x2d/0xa4
  [<ffffffff814322a5>] ip6_dst_lookup+0x10/0x12
  [<ffffffff81323b4e>] vxlan_xmit_one+0x32a/0x68c
  [<ffffffff814a325a>] ? _raw_spin_unlock_irqrestore+0x12/0x14
  [<ffffffff8104c551>] ? lock_timer_base.isra.23+0x26/0x4b
  [<ffffffff8132451a>] vxlan_xmit+0x66a/0x6a8
  [<ffffffff8141a365>] ? ipt_do_table+0x35f/0x37e
  [<ffffffff81204ba2>] ? selinux_ip_postroute+0x41/0x26e
  [<ffffffff8139d0c1>] dev_hard_start_xmit+0x2ce/0x3ce
  [<ffffffff8139d491>] __dev_queue_xmit+0x2d0/0x392
  [<ffffffff813b380f>] ? eth_header+0x28/0xb5
  [<ffffffff8139d569>] dev_queue_xmit+0xb/0xd
  [<ffffffff813a5aa6>] neigh_resolve_output+0x134/0x152
  [<ffffffff813db741>] ip_finish_output2+0x236/0x299
  [<ffffffff813dc074>] ip_finish_output+0x98/0x9d
  [<ffffffff813dc749>] ip_output+0x62/0x67
  [<ffffffff813da9f2>] dst_output+0xf/0x11
  [<ffffffff813dc11c>] ip_local_out+0x1b/0x1f
  [<ffffffff813dcf1b>] ip_send_skb+0x11/0x37
  [<ffffffff813dcf70>] ip_push_pending_frames+0x2f/0x33
  [<ffffffff813ff732>] icmp_push_reply+0x106/0x115
  [<ffffffff813ff9e4>] icmp_reply+0x142/0x164
  [<ffffffff813ffb3b>] icmp_echo.part.16+0x46/0x48
  [<ffffffff813c1d30>] ? nf_iterate+0x43/0x80
  [<ffffffff813d8037>] ? xfrm4_policy_check.constprop.11+0x52/0x52
  [<ffffffff813ffb62>] icmp_echo+0x25/0x27
  [<ffffffff814005f7>] icmp_rcv+0x1d2/0x20a
  [<ffffffff813d8037>] ? xfrm4_policy_check.constprop.11+0x52/0x52
  [<ffffffff813d810d>] ip_local_deliver_finish+0xd6/0x14f
  [<ffffffff813d8037>] ? xfrm4_policy_check.constprop.11+0x52/0x52
  [<ffffffff813d7fde>] NF_HOOK.constprop.10+0x4c/0x53
  [<ffffffff813d82bf>] ip_local_deliver+0x4a/0x4f
  [<ffffffff813d7f7b>] ip_rcv_finish+0x253/0x26a
  [<ffffffff813d7d28>] ? inet_add_protocol+0x3e/0x3e
  [<ffffffff813d7fde>] NF_HOOK.constprop.10+0x4c/0x53
  [<ffffffff813d856a>] ip_rcv+0x2a6/0x2ec
  [<ffffffff8139a9a0>] __netif_receive_skb_core+0x43e/0x478
  [<ffffffff812a346f>] ? virtqueue_poll+0x16/0x27
  [<ffffffff8139aa2f>] __netif_receive_skb+0x55/0x5a
  [<ffffffff8139aaaa>] process_backlog+0x76/0x12f
  [<ffffffff8139add8>] net_rx_action+0xa2/0x1ab
  [<ffffffff81047847>] __do_softirq+0xca/0x1d1
  [<ffffffff81047ace>] irq_exit+0x3e/0x85
  [<ffffffff8100b98b>] do_IRQ+0xa9/0xc4
  [<ffffffff814a37ad>] common_interrupt+0x6d/0x6d
  <EOI>
  [<ffffffff810378db>] ? native_safe_halt+0x6/0x8
  [<ffffffff810110c7>] default_idle+0x9/0xd
  [<ffffffff81011694>] arch_cpu_idle+0x13/0x1c
  [<ffffffff8107480d>] cpu_startup_entry+0xbc/0x137
  [<ffffffff8102e741>] start_secondary+0x1a0/0x1a5
 Code: 24 14 e8 f1 e5 01 00 31 d2 a8 32 0f 95 c2 49 8b 44 24 2c 49 0b 44 24 24 74 05 83 ca 04 eb 1c 4d 85 ed 74 17 49 8b 85 a8 02 00 00 <66> 8b 40 46 66 c1 e8 07 83 e0 07 c1 e0 03 09 c2 4c 89 e6 48 89
 RIP  [<ffffffff8143c459>] ip6_route_output+0x58/0x82
  RSP <ffff88007fd03668>
 CR2: 0000000000000046
 ---[ end trace 4612329caab37efd ]---

When vxlan interface is created without explicit group definition, the
default_dst protocol family is initialiazed to AF_UNSPEC and the driver
assumes IPv4 configuration. On the other side, the default_dst protocol
family is used to differentiate between IPv4 and IPv6 cases and, since,
AF_UNSPEC != AF_INET, the processing takes the IPv6 path.

Making the IPv4 assumption explicit by settting default_dst protocol
family to AF_INET4 and preventing mixing of IPv4 and IPv6 addresses in
snooped fdb entries fixes the corner case crashes.

Signed-off-by: Mike Rapoport <mike.rapoport@ravellosystems.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
10 years agoxen-netback: disable rogue vif in kthread context
Wei Liu [Tue, 1 Apr 2014 11:46:12 +0000 (12:46 +0100)]
xen-netback: disable rogue vif in kthread context

[ Upstream commit e9d8b2c2968499c1f96563e6522c56958d5a1d0d ]

When netback discovers frontend is sending malformed packet it will
disables the interface which serves that frontend.

However disabling a network interface involving taking a mutex which
cannot be done in softirq context, so we need to defer this process to
kthread context.

This patch does the following:
1. introduce a flag to indicate the interface is disabled.
2. check that flag in TX path, don't do any work if it's true.
3. check that flag in RX path, turn off that interface if it's true.

The reason to disable it in RX path is because RX uses kthread. After
this change the behavior of netback is still consistent -- it won't do
any TX work for a rogue frontend, and the interface will be eventually
turned off.

Also change a "continue" to "break" after xenvif_fatal_tx_err, as it
doesn't make sense to continue processing packets if frontend is rogue.

This is a fix for XSA-90.

Reported-by: Török Edwin <edwin@etorok.net>
Signed-off-by: Wei Liu <wei.liu2@citrix.com>
Cc: Ian Campbell <ian.campbell@citrix.com>
Reviewed-by: David Vrabel <david.vrabel@citrix.com>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
10 years agonetlink: don't compare the nul-termination in nla_strcmp
Pablo Neira [Tue, 1 Apr 2014 17:38:44 +0000 (19:38 +0200)]
netlink: don't compare the nul-termination in nla_strcmp

[ Upstream commit 8b7b932434f5eee495b91a2804f5b64ebb2bc835 ]

nla_strcmp compares the string length plus one, so it's implicitly
including the nul-termination in the comparison.

 int nla_strcmp(const struct nlattr *nla, const char *str)
 {
        int len = strlen(str) + 1;
        ...
                d = memcmp(nla_data(nla), str, len);

However, if NLA_STRING is used, userspace can send us a string without
the nul-termination. This is a problem since the string
comparison will not match as the last byte may be not the
nul-termination.

Fix this by skipping the comparison of the nul-termination if the
attribute data is nul-terminated. Suggested by Thomas Graf.

Cc: Florian Westphal <fw@strlen.de>
Cc: Thomas Graf <tgraf@suug.ch>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
10 years agoipv6: some ipv6 statistic counters failed to disable bh
Hannes Frederic Sowa [Mon, 31 Mar 2014 18:14:10 +0000 (20:14 +0200)]
ipv6: some ipv6 statistic counters failed to disable bh

[ Upstream commit 43a43b6040165f7b40b5b489fe61a4cb7f8c4980 ]

After commit c15b1ccadb323ea ("ipv6: move DAD and addrconf_verify
processing to workqueue") some counters are now updated in process context
and thus need to disable bh before doing so, otherwise deadlocks can
happen on 32-bit archs. Fabio Estevam noticed this while while mounting
a NFS volume on an ARM board.

As a compensation for missing this I looked after the other *_STATS_BH
and found three other calls which need updating:

1) icmp6_send: ip6_fragment -> icmpv6_send -> icmp6_send (error handling)
2) ip6_push_pending_frames: rawv6_sendmsg -> rawv6_push_pending_frames -> ...
   (only in case of icmp protocol with raw sockets in error handling)
3) ping6_v6_sendmsg (error handling)

Fixes: c15b1ccadb323ea ("ipv6: move DAD and addrconf_verify processing to workqueue")
Reported-by: Fabio Estevam <festevam@gmail.com>
Tested-by: Fabio Estevam <fabio.estevam@freescale.com>
Cc: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
10 years agoxen-netback: remove pointless clause from if statement
Paul Durrant [Fri, 28 Mar 2014 11:39:05 +0000 (11:39 +0000)]
xen-netback: remove pointless clause from if statement

[ Upstream commit 0576eddf24df716d8570ef8ca11452a9f98eaab2 ]

This patch removes a test in start_new_rx_buffer() that checks whether
a copy operation is less than MAX_BUFFER_OFFSET in length, since
MAX_BUFFER_OFFSET is defined to be PAGE_SIZE and the only caller of
start_new_rx_buffer() already limits copy operations to PAGE_SIZE or less.

Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Cc: Ian Campbell <ian.campbell@citrix.com>
Cc: Wei Liu <wei.liu2@citrix.com>
Cc: Sander Eikelenboom <linux@eikelenboom.it>
Reported-By: Sander Eikelenboom <linux@eikelenboom.it>
Tested-By: Sander Eikelenboom <linux@eikelenboom.it>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
10 years agovhost: validate vhost_get_vq_desc return value
Michael S. Tsirkin [Thu, 27 Mar 2014 10:53:37 +0000 (12:53 +0200)]
vhost: validate vhost_get_vq_desc return value

[ Upstream commit a39ee449f96a2cd44ce056d8a0a112211a9b1a1f ]

vhost fails to validate negative error code
from vhost_get_vq_desc causing
a crash: we are using -EFAULT which is 0xfffffff2
as vector size, which exceeds the allocated size.

The code in question was introduced in commit
8dd014adfea6f173c1ef6378f7e5e7924866c923
    vhost-net: mergeable buffers support

CVE-2014-0055

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
10 years agovhost: fix total length when packets are too short
Michael S. Tsirkin [Thu, 27 Mar 2014 10:00:26 +0000 (12:00 +0200)]
vhost: fix total length when packets are too short

[ Upstream commit d8316f3991d207fe32881a9ac20241be8fa2bad0 ]

When mergeable buffers are disabled, and the
incoming packet is too large for the rx buffer,
get_rx_bufs returns success.

This was intentional in order for make recvmsg
truncate the packet and then handle_rx would
detect err != sock_len and drop it.

Unfortunately we pass the original sock_len to
recvmsg - which means we use parts of iov not fully
validated.

Fix this up by detecting this overrun and doing packet drop
immediately.

CVE-2014-0077

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
10 years agovlan: Set hard_header_len according to available acceleration
Vlad Yasevich [Wed, 26 Mar 2014 15:47:56 +0000 (11:47 -0400)]
vlan: Set hard_header_len according to available acceleration

[ Upstream commit fc0d48b8fb449ca007b2057328abf736cb516168 ]

Currently, if the card supports CTAG acceleration we do not
account for the vlan header even if we are configuring an
8021AD vlan.  This may not be best since we'll do software
tagging for 8021AD which will cause data copy on skb head expansion
Configure the length based on available hw offload capabilities and
vlan protocol.

CC: Patrick McHardy <kaber@trash.net>
Signed-off-by: Vlad Yasevich <vyasevic@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
10 years agousbnet: include wait queue head in device structure
Oliver Neukum [Wed, 26 Mar 2014 13:32:51 +0000 (14:32 +0100)]
usbnet: include wait queue head in device structure

[ Upstream commit 14a0d635d18d0fb552dcc979d6d25106e6541f2e ]

This fixes a race which happens by freeing an object on the stack.
Quoting Julius:
> The issue is
> that it calls usbnet_terminate_urbs() before that, which temporarily
> installs a waitqueue in dev->wait in order to be able to wait on the
> tasklet to run and finish up some queues. The waiting itself looks
> okay, but the access to 'dev->wait' is totally unprotected and can
> race arbitrarily. I think in this case usbnet_bh() managed to succeed
> it's dev->wait check just before usbnet_terminate_urbs() sets it back
> to NULL. The latter then finishes and the waitqueue_t structure on its
> stack gets overwritten by other functions halfway through the
> wake_up() call in usbnet_bh().

The fix is to just not allocate the data structure on the stack.
As dev->wait is abused as a flag it also takes a runtime PM change
to fix this bug.

Signed-off-by: Oliver Neukum <oneukum@suse.de>
Reported-by: Grant Grundler <grundler@google.com>
Tested-by: Grant Grundler <grundler@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
10 years agotg3: Do not include vlan acceleration features in vlan_features
Vlad Yasevich [Mon, 24 Mar 2014 21:52:12 +0000 (17:52 -0400)]
tg3: Do not include vlan acceleration features in vlan_features

[ Upstream commit 51dfe7b944998eaeb2b34d314f3a6b16a5fd621b ]

Including hardware acceleration features in vlan_features breaks
stacked vlans (Q-in-Q) by marking the bottom vlan interface as
capable of acceleration.  This causes one of the tags to be lost
and the packets are sent with a sing vlan header.

CC: Nithin Nayak Sujir <nsujir@broadcom.com>
CC: Michael Chan <mchan@broadcom.com>
Signed-off-by: Vlad Yasevich <vyasevic@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
10 years agoip_tunnel: Fix dst ref-count.
Pravin B Shelar [Mon, 24 Mar 2014 05:06:36 +0000 (22:06 -0700)]
ip_tunnel: Fix dst ref-count.

[ Upstream commit fbd02dd405d0724a0f25897ed4a6813297c9b96f ]

Commit 10ddceb22ba (ip_tunnel:multicast process cause panic due
to skb->_skb_refdst NULL pointer) removed dst-drop call from
ip-tunnel-recv.

Following commit reintroduce dst-drop and fix the original bug by
checking loopback packet before releasing dst.
Original bug: https://bugzilla.kernel.org/show_bug.cgi?id=70681

CC: Xin Long <lucien.xin@gmail.com>
Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
10 years agotipc: fix spinlock recursion bug for failed subscriptions
Erik Hugne [Mon, 24 Mar 2014 15:56:38 +0000 (16:56 +0100)]
tipc: fix spinlock recursion bug for failed subscriptions

[ Upstream commit a5d0e7c037119484a7006b883618bfa87996cb41 ]

If a topology event subscription fails for any reason, such as out
of memory, max number reached or because we received an invalid
request the correct behavior is to terminate the subscribers
connection to the topology server. This is currently broken and
produces the following oops:

[27.953662] tipc: Subscription rejected, illegal request
[27.955329] BUG: spinlock recursion on CPU#1, kworker/u4:0/6
[27.957066]  lock: 0xffff88003c67f408, .magic: dead4ead, .owner: kworker/u4:0/6, .owner_cpu: 1
[27.958054] CPU: 1 PID: 6 Comm: kworker/u4:0 Not tainted 3.14.0-rc6+ #5
[27.960230] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[27.960874] Workqueue: tipc_rcv tipc_recv_work [tipc]
[27.961430]  ffff88003c67f408 ffff88003de27c18 ffffffff815c0207 ffff88003de1c050
[27.962292]  ffff88003de27c38 ffffffff815beec5 ffff88003c67f408 ffffffff817f0a8a
[27.963152]  ffff88003de27c58 ffffffff815beeeb ffff88003c67f408 ffffffffa0013520
[27.964023] Call Trace:
[27.964292]  [<ffffffff815c0207>] dump_stack+0x45/0x56
[27.964874]  [<ffffffff815beec5>] spin_dump+0x8c/0x91
[27.965420]  [<ffffffff815beeeb>] spin_bug+0x21/0x26
[27.965995]  [<ffffffff81083df6>] do_raw_spin_lock+0x116/0x140
[27.966631]  [<ffffffff815c6215>] _raw_spin_lock_bh+0x15/0x20
[27.967256]  [<ffffffffa0008540>] subscr_conn_shutdown_event+0x20/0xa0 [tipc]
[27.968051]  [<ffffffffa000fde4>] tipc_close_conn+0xa4/0xb0 [tipc]
[27.968722]  [<ffffffffa00101ba>] tipc_conn_terminate+0x1a/0x30 [tipc]
[27.969436]  [<ffffffffa00089a2>] subscr_conn_msg_event+0x1f2/0x2f0 [tipc]
[27.970209]  [<ffffffffa0010000>] tipc_receive_from_sock+0x90/0xf0 [tipc]
[27.970972]  [<ffffffffa000fa79>] tipc_recv_work+0x29/0x50 [tipc]
[27.971633]  [<ffffffff8105dbf5>] process_one_work+0x165/0x3e0
[27.972267]  [<ffffffff8105e869>] worker_thread+0x119/0x3a0
[27.972896]  [<ffffffff8105e750>] ? manage_workers.isra.25+0x2a0/0x2a0
[27.973622]  [<ffffffff810648af>] kthread+0xdf/0x100
[27.974168]  [<ffffffff810647d0>] ? kthread_create_on_node+0x1a0/0x1a0
[27.974893]  [<ffffffff815ce13c>] ret_from_fork+0x7c/0xb0
[27.975466]  [<ffffffff810647d0>] ? kthread_create_on_node+0x1a0/0x1a0

The recursion occurs when subscr_terminate tries to grab the
subscriber lock, which is already taken by subscr_conn_msg_event.
We fix this by checking if the request to establish a new
subscription was successful, and if not we initiate termination of
the subscriber after we have released the subscriber lock.

Signed-off-by: Erik Hugne <erik.hugne@ericsson.com>
Reviewed-by: Jon Maloy <jon.maloy@ericsson.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
10 years agonetpoll: fix the skb check in pkt_is_ns
Li RongQing [Fri, 21 Mar 2014 12:53:57 +0000 (20:53 +0800)]
netpoll: fix the skb check in pkt_is_ns

[ Not applicable upstream commit, the code here has been removed
  upstream. ]

Neighbor Solicitation is ipv6 protocol, so we should check
skb->protocol with ETH_P_IPV6

Signed-off-by: Li RongQing <roy.qing.li@gmail.com>
Cc: WANG Cong <amwang@redhat.com>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
10 years agonet: micrel : ks8851-ml: add vdd-supply support
Nishanth Menon [Fri, 21 Mar 2014 06:52:48 +0000 (01:52 -0500)]
net: micrel : ks8851-ml: add vdd-supply support

[ Upstream commit ebf4ad955d3e26d4d2a33709624fc7b5b9d3b969 ]

Few platforms use external regulator to keep the ethernet MAC supplied.
So, request and enable the regulator for driver functionality.

Fixes: 66fda75f47dc (regulator: core: Replace direct ops->disable usage)
Reported-by: Russell King <rmk+kernel@arm.linux.org.uk>
Suggested-by: Markus Pargmann <mpa@pengutronix.de>
Signed-off-by: Nishanth Menon <nm@ti.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
10 years agoip6mr: fix mfc notification flags
Nicolas Dichtel [Wed, 19 Mar 2014 16:47:51 +0000 (17:47 +0100)]
ip6mr: fix mfc notification flags

[ Upstream commit f518338b16038beeb73e155e60d0f70beb9379f4 ]

Commit 812e44dd1829 ("ip6mr: advertise new mfc entries via rtnl") reuses the
function ip6mr_fill_mroute() to notify mfc events.
But this function was used only for dump and thus was always setting the
flag NLM_F_MULTI, which is wrong in case of a single notification.

Libraries like libnl will wait forever for NLMSG_DONE.

CC: Thomas Graf <tgraf@suug.ch>
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Acked-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
10 years agoipmr: fix mfc notification flags
Nicolas Dichtel [Wed, 19 Mar 2014 16:47:50 +0000 (17:47 +0100)]
ipmr: fix mfc notification flags

[ Upstream commit 65886f439ab0fdc2dff20d1fa87afb98c6717472 ]

Commit 8cd3ac9f9b7b ("ipmr: advertise new mfc entries via rtnl") reuses the
function ipmr_fill_mroute() to notify mfc events.
But this function was used only for dump and thus was always setting the
flag NLM_F_MULTI, which is wrong in case of a single notification.

Libraries like libnl will wait forever for NLMSG_DONE.

CC: Thomas Graf <tgraf@suug.ch>
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Acked-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>