Alexander Aksenov [Fri, 4 Aug 2017 02:55:04 +0000 (11:55 +0900)]
misc: mcu_ipc: fix duplicated export symbol
There is duplicated export symbol with EXPORT_SYMBOL(). Fix one from
the symbols with proper function name.
With this modification, build error with CONFIG_MODULES is removed.
Change-Id: I696e324cc55ac381063ba8e442dc45e55ba78a01
Signed-off-by: Alexander Aksenov <a.aksenov@samsung.com>
[sw0312.kim: spilt mcu_ipc patch and adjust commit-msg]
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Jin-young Jeon [Thu, 6 Jul 2017 05:32:18 +0000 (14:32 +0900)]
drm/tgm: tdm_pp: add pp_set_planar_addr().
It should be supported to divide each planar address.
This patch is from product kernel.
Change-Id: I3bd2cfa5fabd67ee57ffb7a575e6bf35e2ba161e
Signed-off-by: Jin-young Jeon <jy0.jeon@samsung.com>
Signed-off-by: Inki Dae <inki.dae@samsung.com>
Jin-young Jeon [Thu, 6 Jul 2017 04:35:27 +0000 (13:35 +0900)]
drm/tgm: tdm_pp: add size field on tdm_pp_buf_info.
This patch is from product kernel.
Change-Id: I4d2901793835fe708781ad72c0a3fd28d4608d41
Signed-off-by: Jin-young Jeon <jy0.jeon@samsung.com>
Signed-off-by: Inki Dae <inki.dae@samsung.com>
Jin-young Jeon [Thu, 6 Jul 2017 04:33:17 +0000 (13:33 +0900)]
drm/tgm: tbm: add tbm_gem_get_size().
This patch is from product kernel.
Change-Id: Ia5089be4a803861b66eb17d4463efe860e17914d
Signed-off-by: Jin-young Jeon <jy0.jeon@samsung.com>
Signed-off-by: Inki Dae <inki.dae@samsung.com>
Inki Dae [Thu, 6 Jul 2017 01:24:35 +0000 (10:24 +0900)]
ARM64: tizen_tw2_defconfig: disble VIDEO_EXYNOS_SCALER
This patch disbles V4L2 based scaler driver.
We use DRM based IPP driver so this configuraion should be disabled.
Change-Id: If1544d8b4db9225f26db51c2c9a1c3940b36be5e
Signed-off-by: Inki Dae <inki.dae@samsung.com>
Inki Dae [Tue, 4 Jul 2017 01:41:39 +0000 (10:41 +0900)]
ARM64: tizen_tw2_defconfig: enable post processing driver
This patch enables post processing driver for TGM module.
Change-Id: Iff25cbe6383231d81b2b44b3773769300103e087
Signed-off-by: Inki Dae <inki.dae@samsung.com>
Inki Dae [Tue, 4 Jul 2017 01:38:18 +0000 (10:38 +0900)]
drm/tgm: code sync with product kernel
This patch synchronizes tgm driver with latest product kernel.
Almost patches have been merged based on original patch of product kernel
but there are missing code from beginning so regarding this code,
I have merged it manually.
Change-Id: If699b55a5ad67e7a82e8195376d81ffbebf78535
Signed-off-by: Inki Dae <inki.dae@samsung.com>
Jin-young Jeon [Thu, 29 Jun 2017 10:11:18 +0000 (19:11 +0900)]
drm/tgm: tdm: change completion interface.
Add cmd completion instead of start / stop completion.
This patch is from product kernel.
Change-Id: I09d0e61d307d619db1ebb61b8e4242edff4a4259
Signed-off-by: Jin-young Jeon <jy0.jeon@samsung.com>
Signed-off-by: Inki Dae <inki.dae@samsung.com>
Jin-young Jeon [Tue, 20 Jun 2017 06:12:46 +0000 (15:12 +0900)]
drm/tgm: tdm: add ttrace log to check vsync
This patch is from product kernel.
Change-Id: I46d68956d4cbf196379a3f6037189712248694dd
Signed-off-by: Jin-young Jeon <jy0.jeon@samsung.com>
Signed-off-by: Inki Dae <inki.dae@samsung.com>
Jin-young Jeon [Thu, 8 Jun 2017 04:16:07 +0000 (13:16 +0900)]
drm/tgm: tdm/pp: add fence mechanism on TDM PP.
This patch is from product kernel.
Change-Id: Iae386e3a0a1984d9dec157153a280ac5886ba5e0
Signed-off-by: Jin-young Jeon <jy0.jeon@samsung.com>
Signed-off-by: Inki Dae <inki.dae@samsung.com>
Jin-young Jeon [Thu, 8 Jun 2017 02:05:25 +0000 (11:05 +0900)]
drm/tgm: tbm: add get dma_buf interface.
This patch is from product kernel.
Change-Id: Id6c8221c75b2bd715968df8fdd49d4b86f26a599
Signed-off-by: Jin-young Jeon <jy0.jeon@samsung.com>
Signed-off-by: Inki Dae <inki.dae@samsung.com>
jonggab.park [Fri, 28 Apr 2017 08:13:56 +0000 (17:13 +0900)]
drm/tdm: implement msc driver to support PP.
MSC driver is included. This patch is from product kernel.
Change-Id: Ibe08ff732fb4e5cc9718b59254cd52f8716bad5b
Signed-off-by: Jin-young Jeon <jy0.jeon@samsung.com>
Signed-off-by: Inki Dae <inki.dae@samsung.com>
jonggab.park [Fri, 28 Apr 2017 08:02:34 +0000 (17:02 +0900)]
drm/tdm: implement PP interface.
PP interface is included. This patch is from product kernel.
Change-Id: I44d06ab017e2023440010ad64a4265e24954f0c2
Signed-off-by: Jin-young Jeon <jy0.jeon@samsung.com>
Signed-off-by: Inki Dae <inki.dae@samsung.com>
jonggab.park [Fri, 28 Apr 2017 05:24:45 +0000 (14:24 +0900)]
drm/tbm: add get/put dma address interface.
DMA address interface set for pp driver.
This patch is from product kernel.
Change-Id: I41ad97483fdd7f0e3c17fc216d04d47edca2f8b1
Signed-off-by: Jin-young Jeon <jy0.jeon@samsung.com>
Signed-off-by: Inki Dae <inki.dae@samsung.com>
jonggab.park [Fri, 28 Apr 2017 05:09:54 +0000 (14:09 +0900)]
drm/tgm: add sub driver handling interface.
It doesn't have the pp interface for the pp driver.
And this patch is from product kernel.
Change-Id: Iceb891e602fe6e6e246445b7d845927cc39a73c0
Signed-off-by: Jin-young Jeon <jy0.jeon@samsung.com>
Signed-off-by: Inki Dae <inki.dae@samsung.com>
Jin-young Jeon [Mon, 22 May 2017 08:34:05 +0000 (17:34 +0900)]
drm/tgm: add pid information on gem_info
This patch is from product kernel.
Change-Id: Id408cab17ca339bb2d8c8af1193a7905f2a34869
Signed-off-by: Jin-young Jeon <jy0.jeon@samsung.com>
Signed-off-by: Inki Dae <inki.dae@samsung.com>
Jin-young Jeon [Mon, 26 Dec 2016 05:51:05 +0000 (14:51 +0900)]
drm/tgm: tdm: change sequence to turn off vblank.
Prevent duplicated low power mode request.
This patch is from product kernel.
Change-Id: I729af7274ca491a84ec72790c8ca6bf67530ce5b
Signed-off-by: Jin-young Jeon <jy0.jeon@samsung.com>
Signed-off-by: Inki Dae <inki.dae@samsung.com>
Gonzha Dmitriy Evgenevich [Wed, 24 May 2017 10:51:05 +0000 (13:51 +0300)]
packaging: Turn off building with ASan
Turn off ASan for ASan sanitized firmware build
Change-Id: If786306821ff22e994efaba2b00dcabcc5eb8426
Signed-off-by: Gonzha Dmitriy Evgenevich <d.gonzha@samsung.com>
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Seung-Woo Kim [Mon, 27 Mar 2017 06:32:47 +0000 (15:32 +0900)]
packaging: install license for rpm package instead of license package
This patch replaces license rpm package to license file in rpm
package.
Change-Id: I8d06a0b42bce3e5d774151f2d708b081c1b46956
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Linus Torvalds [Thu, 13 Oct 2016 20:07:36 +0000 (13:07 -0700)]
mm: remove gup_flags FOLL_WRITE games from __get_user_pages()
This is an ancient bug that was actually attempted to be fixed once
(badly) by me eleven years ago in commit
4ceb5db9757a ("Fix
get_user_pages() race for write access") but that was then undone due to
problems on s390 by commit
f33ea7f404e5 ("fix get_user_pages bug").
In the meantime, the s390 situation has long been fixed, and we can now
fix it by checking the pte_dirty() bit properly (and do it better). The
s390 dirty bit was implemented in
abf09bed3cce ("s390/mm: implement
software dirty bits") which made it into v3.9. Earlier kernels will
have to look at the page state itself.
Also, the VM has become more scalable, and what used a purely
theoretical race back then has become easier to trigger.
To fix it, we introduce a new internal FOLL_COW flag to mark the "yes,
we already did a COW" rather than play racy games with FOLL_WRITE that
is very fundamental, and then use the pte dirty flag to validate that
the FOLL_COW flag is still valid.
Reported-and-tested-by: Phil "not Paul" Oester <kernel@linuxace.com>
Acked-by: Hugh Dickins <hughd@google.com>
Reviewed-by: Michal Hocko <mhocko@suse.com>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Kees Cook <keescook@chromium.org>
Cc: Oleg Nesterov <oleg@redhat.com>
Cc: Willy Tarreau <w@1wt.eu>
Cc: Nick Piggin <npiggin@gmail.com>
Cc: Greg Thelen <gthelen@google.com>
Cc: stable@vger.kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
[mainline backport of commit
19be0eaffa3ac7d8eb6784ad9bdbc7d67ed8e619 to resolve CVE-2016-5195]
Change-Id: I9d58d4199fe3c5aa712ed7e58d4bf6a624eb0005
Signed-off-by: Jaechul Lee <jcsing.lee@samsung.com>
Philip Pettersson [Wed, 14 Dec 2016 12:24:56 +0000 (13:24 +0100)]
packet: fix race condition in packet_set_ring
[ Upstream commit
84ac7260236a49c79eede91617700174c2c19b0c ]
When packet_set_ring creates a ring buffer it will initialize a
struct timer_list if the packet version is TPACKET_V3. This value
can then be raced by a different thread calling setsockopt to
set the version to TPACKET_V1 before packet_set_ring has finished.
This leads to a use-after-free on a function pointer in the
struct timer_list when the socket is closed as the previously
initialized timer will not be deleted.
The bug is fixed by taking lock_sock(sk) in packet_setsockopt when
changing the packet version while also taking the lock at the start
of packet_set_ring.
Fixes:
f6fb8f100b80 ("af-packet: TPACKET_V3 flexible buffer implementation.")
Signed-off-by: Philip Pettersson <philip.pettersson@gmail.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
[mainline backport of commit
5c120b79dd6601a987eb33214f2686e5b75f3c3e to resolve CVE-2016-8655]
Change-Id: I587603ef7796a4b227aa992a873fd6d5ec22774a
Signed-off-by: Jaechul Lee <jcsing.lee@samsung.com>
David Howells [Wed, 26 Oct 2016 14:01:54 +0000 (15:01 +0100)]
KEYS: Fix short sprintf buffer in /proc/keys show function
[ Upstream commit
03dab869b7b239c4e013ec82aea22e181e441cfc ]
This fixes CVE-2016-7042.
Fix a short sprintf buffer in proc_keys_show(). If the gcc stack protector
is turned on, this can cause a panic due to stack corruption.
The problem is that xbuf[] is not big enough to hold a 64-bit timeout
rendered as weeks:
(gdb) p 0xffffffffffffffffULL/(60*60*24*7)
$2 =
30500568904943
That's 14 chars plus NUL, not 11 chars plus NUL.
Expand the buffer to 16 chars.
I think the unpatched code apparently works if the stack-protector is not
enabled because on a 32-bit machine the buffer won't be overflowed and on a
64-bit machine there's a 64-bit aligned pointer at one side and an int that
isn't checked again on the other side.
The panic incurred looks something like:
Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in:
ffffffff81352ebe
CPU: 0 PID: 1692 Comm: reproducer Not tainted 4.7.2-201.fc24.x86_64 #1
Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
0000000000000086 00000000fbbd2679 ffff8800a044bc00 ffffffff813d941f
ffffffff81a28d58 ffff8800a044bc98 ffff8800a044bc88 ffffffff811b2cb6
ffff880000000010 ffff8800a044bc98 ffff8800a044bc30 00000000fbbd2679
Call Trace:
[<
ffffffff813d941f>] dump_stack+0x63/0x84
[<
ffffffff811b2cb6>] panic+0xde/0x22a
[<
ffffffff81352ebe>] ? proc_keys_show+0x3ce/0x3d0
[<
ffffffff8109f7f9>] __stack_chk_fail+0x19/0x30
[<
ffffffff81352ebe>] proc_keys_show+0x3ce/0x3d0
[<
ffffffff81350410>] ? key_validate+0x50/0x50
[<
ffffffff8134db30>] ? key_default_cmp+0x20/0x20
[<
ffffffff8126b31c>] seq_read+0x2cc/0x390
[<
ffffffff812b6b12>] proc_reg_read+0x42/0x70
[<
ffffffff81244fc7>] __vfs_read+0x37/0x150
[<
ffffffff81357020>] ? security_file_permission+0xa0/0xc0
[<
ffffffff81246156>] vfs_read+0x96/0x130
[<
ffffffff81247635>] SyS_read+0x55/0xc0
[<
ffffffff817eb872>] entry_SYSCALL_64_fastpath+0x1a/0xa4
Reported-by: Ondrej Kozina <okozina@redhat.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Tested-by: Ondrej Kozina <okozina@redhat.com>
cc: stable@vger.kernel.org
Signed-off-by: James Morris <james.l.morris@oracle.com>
Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
[mainline backport of commit
abe571f80e33d3df7741d15cd03a8b95a93f659f]
Change-Id: I9785f8f6a9bb18d734b75b9c929be90ca433c5ab
Signed-off-by: Jaechul Lee <jcsing.lee@samsung.com>
Jeff Mahoney [Tue, 5 Jul 2016 21:32:30 +0000 (17:32 -0400)]
ecryptfs: don't allow mmap when the lower fs doesn't support it
[ Upstream commit
f0fe970df3838c202ef6c07a4c2b36838ef0a88b ]
There are legitimate reasons to disallow mmap on certain files, notably
in sysfs or procfs. We shouldn't emulate mmap support on file systems
that don't offer support natively.
CVE-2016-1583
Signed-off-by: Jeff Mahoney <jeffm@suse.com>
Cc: stable@vger.kernel.org
[tyhicks: clean up f_op check by using ecryptfs_file_to_lower()]
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
[mainline backport of commit
8c8e669bb8c5f690976883dd3b7a32d605c58d9a]
Change-Id: I47d4d1c3945782ff77bf58259fcafff4d2f7e7b3
Signed-off-by: Jaechul Lee <jcsing.lee@samsung.com>
Ben Hutchings [Sun, 1 Nov 2015 16:22:53 +0000 (16:22 +0000)]
ppp, slip: Validate VJ compression slot parameters completely
[ Upstream commit
4ab42d78e37a294ac7bc56901d563c642e03c4ae ]
Currently slhc_init() treats out-of-range values of rslots and tslots
as equivalent to 0, except that if tslots is too large it will
dereference a null pointer (CVE-2015-7799).
Add a range-check at the top of the function and make it return an
ERR_PTR() on error instead of NULL. Change the callers accordingly.
Compile-tested only.
Reported-by: 郭永刚 <guoyonggang@360.cn>
References: http://article.gmane.org/gmane.comp.security.oss.general/17908
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
[mainline backport of commit
82185755d90c8047c6f4b589c39998ff3d4ca3ad]
Change-Id: Icb00d92ae3e8e8f5d4d06dd55955e1f98a2980b5
Signed-off-by: Jaechul Lee <jcsing.lee@samsung.com>
Yevgeny Pats [Tue, 19 Jan 2016 22:09:04 +0000 (22:09 +0000)]
KEYS: Fix keyring ref leak in join_session_keyring()
[ Upstream commit
23567fd052a9abb6d67fe8e7a9ccdd9800a540f2 ]
This fixes CVE-2016-0728.
If a thread is asked to join as a session keyring the keyring that's already
set as its session, we leak a keyring reference.
This can be tested with the following program:
#include <stddef.h>
#include <stdio.h>
#include <sys/types.h>
#include <keyutils.h>
int main(int argc, const char *argv[])
{
int i = 0;
key_serial_t serial;
serial = keyctl(KEYCTL_JOIN_SESSION_KEYRING,
"leaked-keyring");
if (serial < 0) {
perror("keyctl");
return -1;
}
if (keyctl(KEYCTL_SETPERM, serial,
KEY_POS_ALL | KEY_USR_ALL) < 0) {
perror("keyctl");
return -1;
}
for (i = 0; i < 100; i++) {
serial = keyctl(KEYCTL_JOIN_SESSION_KEYRING,
"leaked-keyring");
if (serial < 0) {
perror("keyctl");
return -1;
}
}
return 0;
}
If, after the program has run, there something like the following line in
/proc/keys:
3f3d898f I--Q--- 100 perm
3f3f0000 0 0 keyring leaked-keyring: empty
with a usage count of 100 * the number of times the program has been run,
then the kernel is malfunctioning. If leaked-keyring has zero usages or
has been garbage collected, then the problem is fixed.
Reported-by: Yevgeny Pats <yevgeny@perception-point.io>
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Don Zickus <dzickus@redhat.com>
Acked-by: Prarit Bhargava <prarit@redhat.com>
Acked-by: Jarod Wilson <jarod@redhat.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
[mainline backport of commit
d25b4531a808bd0faae3dcd0553421d0570373d1]
Change-Id: I00f47005e93ffb2fe1c68024e9d6820f35ac2602
Signed-off-by: Jaechul Lee <jcsing.lee@samsung.com>
David Howells [Fri, 18 Dec 2015 01:34:26 +0000 (01:34 +0000)]
KEYS: Fix race between read and revoke
[ Upstream commit
b4a1b4f5047e4f54e194681125c74c0aa64d637d ]
This fixes CVE-2015-7550.
There's a race between keyctl_read() and keyctl_revoke(). If the revoke
happens between keyctl_read() checking the validity of a key and the key's
semaphore being taken, then the key type read method will see a revoked key.
This causes a problem for the user-defined key type because it assumes in
its read method that there will always be a payload in a non-revoked key
and doesn't check for a NULL pointer.
Fix this by making keyctl_read() check the validity of a key after taking
semaphore instead of before.
I think the bug was introduced with the original keyrings code.
This was discovered by a multithreaded test program generated by syzkaller
(http://github.com/google/syzkaller). Here's a cleaned up version:
#include <sys/types.h>
#include <keyutils.h>
#include <pthread.h>
void *thr0(void *arg)
{
key_serial_t key = (unsigned long)arg;
keyctl_revoke(key);
return 0;
}
void *thr1(void *arg)
{
key_serial_t key = (unsigned long)arg;
char buffer[16];
keyctl_read(key, buffer, 16);
return 0;
}
int main()
{
key_serial_t key = add_key("user", "%", "foo", 3, KEY_SPEC_USER_KEYRING);
pthread_t th[5];
pthread_create(&th[0], 0, thr0, (void *)(unsigned long)key);
pthread_create(&th[1], 0, thr1, (void *)(unsigned long)key);
pthread_create(&th[2], 0, thr0, (void *)(unsigned long)key);
pthread_create(&th[3], 0, thr1, (void *)(unsigned long)key);
pthread_join(th[0], 0);
pthread_join(th[1], 0);
pthread_join(th[2], 0);
pthread_join(th[3], 0);
return 0;
}
Build as:
cc -o keyctl-race keyctl-race.c -lkeyutils -lpthread
Run as:
while keyctl-race; do :; done
as it may need several iterations to crash the kernel. The crash can be
summarised as:
BUG: unable to handle kernel NULL pointer dereference at
0000000000000010
IP: [<
ffffffff81279b08>] user_read+0x56/0xa3
...
Call Trace:
[<
ffffffff81276aa9>] keyctl_read_key+0xb6/0xd7
[<
ffffffff81277815>] SyS_keyctl+0x83/0xe0
[<
ffffffff815dbb97>] entry_SYSCALL_64_fastpath+0x12/0x6f
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Tested-by: Dmitry Vyukov <dvyukov@google.com>
Cc: stable@vger.kernel.org
Signed-off-by: James Morris <james.l.morris@oracle.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
[mainline backport of commit
e41946e47ec501023afd7e5dfeb794ab7492e7c0]
Change-Id: Ic57adba03af8c5d8c50d7b4817ae9e48adba677f
Signed-off-by: Jaechul Lee <jcsing.lee@samsung.com>
Quentin Casasnovas [Tue, 24 Nov 2015 22:13:21 +0000 (17:13 -0500)]
RDS: fix race condition when sending a message on unbound socket
[ Upstream commit
8c7188b23474cca017b3ef354c4a58456f68303a ]
Sasha's found a NULL pointer dereference in the RDS connection code when
sending a message to an apparently unbound socket. The problem is caused
by the code checking if the socket is bound in rds_sendmsg(), which checks
the rs_bound_addr field without taking a lock on the socket. This opens a
race where rs_bound_addr is temporarily set but where the transport is not
in rds_bind(), leading to a NULL pointer dereference when trying to
dereference 'trans' in __rds_conn_create().
Vegard wrote a reproducer for this issue, so kindly ask him to share if
you're interested.
I cannot reproduce the NULL pointer dereference using Vegard's reproducer
with this patch, whereas I could without.
Complete earlier incomplete fix to CVE-2015-6937:
74e98eb08588 ("RDS: verify the underlying transport exists before creating a connection")
Cc: David S. Miller <davem@davemloft.net>
Cc: stable@vger.kernel.org
Change-Id: I7b41743a51bd3213de624d6165c6366c9f808067
Reviewed-by: Vegard Nossum <vegard.nossum@oracle.com>
Reviewed-by: Sasha Levin <sasha.levin@oracle.com>
Acked-by: Santosh Shilimkar <santosh.shilimkar@oracle.com>
Signed-off-by: Quentin Casasnovas <quentin.casasnovas@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
[mainline backport of commit
96c7b10cd8000973035b667adf62ea1164f4b9b4]
Change-Id: I7b41743a51bd3213de624d6165c6366c9f808067
Signed-off-by: Jaechul Lee <jcsing.lee@samsung.com>
Hannes Frederic Sowa [Mon, 14 Dec 2015 21:03:39 +0000 (22:03 +0100)]
net: add validation for the socket syscall protocol argument
[ Upstream commit
79462ad02e861803b3840cc782248c7359451cd9 ]
郭永刚 reported that one could simply crash the kernel as root by
using a simple program:
int socket_fd;
struct sockaddr_in addr;
addr.sin_port = 0;
addr.sin_addr.s_addr = INADDR_ANY;
addr.sin_family = 10;
socket_fd = socket(10,3,0x40000000);
connect(socket_fd , &addr,16);
AF_INET, AF_INET6 sockets actually only support 8-bit protocol
identifiers. inet_sock's skc_protocol field thus is sized accordingly,
thus larger protocol identifiers simply cut off the higher bits and
store a zero in the protocol fields.
This could lead to e.g. NULL function pointer because as a result of
the cut off inet_num is zero and we call down to inet_autobind, which
is NULL for raw sockets.
kernel: Call Trace:
kernel: [<
ffffffff816db90e>] ? inet_autobind+0x2e/0x70
kernel: [<
ffffffff816db9a4>] inet_dgram_connect+0x54/0x80
kernel: [<
ffffffff81645069>] SYSC_connect+0xd9/0x110
kernel: [<
ffffffff810ac51b>] ? ptrace_notify+0x5b/0x80
kernel: [<
ffffffff810236d8>] ? syscall_trace_enter_phase2+0x108/0x200
kernel: [<
ffffffff81645e0e>] SyS_connect+0xe/0x10
kernel: [<
ffffffff81779515>] tracesys_phase2+0x84/0x89
I found no particular commit which introduced this problem.
CVE: CVE-2015-8543
Cc: Cong Wang <cwang@twopensource.com>
Reported-by: 郭永刚 <guoyonggang@360.cn>
Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
[mainline backport of commit
e60ccfd9e596b48d4b9d6e2b5440261c83d10c12]
Change-Id: Ia74ccac11d64e4e107b2696661abf87787fd62eb
Signed-off-by: Jaechul Lee <jcsing.lee@samsung.com>
Colin Ian King [Mon, 27 Jul 2015 14:23:43 +0000 (15:23 +0100)]
KEYS: ensure we free the assoc array edit if edit is valid
[ Upstream commit HEAD ]
commit
ca4da5dd1f99fe9c59f1709fb43e818b18ad20e0 upstream.
__key_link_end is not freeing the associated array edit structure
and this leads to a 512 byte memory leak each time an identical
existing key is added with add_key().
The reason the add_key() system call returns okay is that
key_create_or_update() calls __key_link_begin() before checking to see
whether it can update a key directly rather than adding/replacing - which
it turns out it can. Thus __key_link() is not called through
__key_instantiate_and_link() and __key_link_end() must cancel the edit.
CVE-2015-1333
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit
c9cd9b18dac801040ada16562dc579d5ac366d75)
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
[mainline backport of commit
66db51c9f7b2fe7ebdfa753b2aa9abbb9feddc87]
Change-Id: I00cf148142abfc956609aeb35b030b4d1bba16e6
Signed-off-by: Jaechul Lee <jcsing.lee@samsung.com>
Marek Szyprowski [Tue, 21 Feb 2017 13:21:01 +0000 (14:21 +0100)]
dma-buf: add support for compat ioctl
Add compat ioctl support to dma-buf. This lets one to use DMA_BUF_IOCTL_SYNC
ioctl from 32bit application on 64bit kernel. Data structures for both 32
and 64bit modes are same, so there is no need for additional translation
layer.
Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
Reviewed-by: Christian König <christian.koenig@amd.com>
Acked-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Signed-off-by: Sumit Semwal <sumit.semwal@linaro.org>
Link: http://patchwork.freedesktop.org/patch/msgid/1487683261-2655-1-git-send-email-m.szyprowski@samsung.com
[Adjust commit-msg with commit in next tree]
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Change-Id: I902d06598ffa5a8985274185f6dc5b15ae119fcb
Daniel Vetter [Tue, 21 Feb 2017 07:37:38 +0000 (16:37 +0900)]
dma-buf: Add ioctls to allow userspace to flush
The userspace might need some sort of cache coherency management e.g. when CPU
and GPU domains are being accessed through dma-buf at the same time. To
circumvent this problem there are begin/end coherency markers, that forward
directly to existing dma-buf device drivers vfunc hooks. Userspace can make use
of those markers through the DMA_BUF_IOCTL_SYNC ioctl. The sequence would be
used like following:
- mmap dma-buf fd
- for each drawing/upload cycle in CPU 1. SYNC_START ioctl, 2. read/write
to mmap area 3. SYNC_END ioctl. This can be repeated as often as you
want (with the new data being consumed by the GPU or say scanout device)
- munmap once you don't need the buffer any more
v2 (Tiago): Fix header file type names (u64 -> __u64)
v3 (Tiago): Add documentation. Use enum dma_buf_sync_flags to the begin/end
dma-buf functions. Check for overflows in start/length.
v4 (Tiago): use 2d regions for sync.
v5 (Tiago): forget about 2d regions (v4); use _IOW in DMA_BUF_IOCTL_SYNC and
remove range information from struct dma_buf_sync.
v6 (Tiago): use __u64 structured padded flags instead enum. Adjust
documentation about the recommendation on using sync ioctls.
v7 (Tiago): Alex' nit on flags definition and being even more wording in the
doc about sync usage.
v9 (Tiago): remove useless is_dma_buf_file check. Fix sync.flags conditionals
and its mask order check. Add <linux/types.h> include in dma-buf.h.
Change-Id: Id20b5354ba481e2d896b08500e1323eedcb16e5b
Cc: Ville Syrjälä <ville.syrjala@linux.intel.com>
Cc: David Herrmann <dh.herrmann@gmail.com>
Cc: Sumit Semwal <sumit.semwal@linaro.org>
Reviewed-by: Stéphane Marchesin <marcheu@chromium.org>
Signed-off-by: Daniel Vetter <daniel.vetter@intel.com>
Signed-off-by: Tiago Vignatti <tiago.vignatti@intel.com>
Reviewed-by: David Herrmann <dh.herrmann@gmail.com>
Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
Link: http://patchwork.freedesktop.org/patch/msgid/1455228291-29640-1-git-send-email-tiago.vignatti@intel.com
And below things are included,
- backport of mainline commit
831e9da7dc5c22fd2a5fb64e999f6e077a4338c3
- fix build errors incurred by argument mismatches of dma_buf_begin/end_cpu_access function calls in v4l2/mali/ion drivers.
Signed-off-by: Inki Dae <inki.dae@samsung.com>
Jaechul Lee [Mon, 6 Mar 2017 09:33:36 +0000 (18:33 +0900)]
packaging: exported kernel-header based on armv7l
There were difference in kernel-headers between arch64 and armv7l
architecture. It need to be built and exported respectively. So, I
enabled building and made kernel-headers for armv7l.
Change-Id: Ia890e98a591f3474711313ab41800712717190f8
Signed-off-by: Jaechul Lee <jcsing.lee@samsung.com>
Dongwoo Lee [Thu, 23 Feb 2017 07:01:05 +0000 (16:01 +0900)]
power: battery: sec-battery: Add support for disabling battery charge
The new attribute "disable_charge" will be added. If this attribute is
set to 1, battery charging completely stops within "discharging"
state, and it cannot resume until restoring the attribute as 0 or
rebooting the target.
Change-Id: I0638bf73ba89d72c34d1c338a411e6d4978060db
Signed-off-by: Dongwoo Lee <dwoo08.lee@samsung.com>
Jaechul Lee [Fri, 17 Feb 2017 05:11:59 +0000 (14:11 +0900)]
packaging: exported kernel-header properly
Orginally, kernel-header which is based on 3.18.14 was exported.
We applied some patches on the kernel therefore it need to export
patched kernel-header again. Moreover, organized spec script properly
and removed unnecessary code.
Change-Id: I8935d9cc374a2551e57a4ba4f551c047abad2814
Signed-off-by: Jaechul Lee <jcsing.lee@samsung.com>
Jaechul Lee [Thu, 16 Feb 2017 05:47:49 +0000 (14:47 +0900)]
packaging: added execution authority to script files
GBS build would be failed sometimes because script file don't have
execution authority even though I already added execution permission
like this '755'. So, I added execute permisson forcibly while RPM is
executed.
Change-Id: Ie014c03575659c5f1bca18af8572c712251c38fd
Signed-off-by: Jaechul Lee <jcsing.lee@samsung.com>
Jaechul Lee [Thu, 16 Feb 2017 02:13:37 +0000 (11:13 +0900)]
packaging: removed '%post' script and unnecessary code
There are two rpms as a result such as aarch64 and armv7l. In case of
aarh64, It works well but %post script in armv7l arch won't run because
of baselibs. Therefore, I located dzImage in /boot/kernel/dzImage
directly.
Change-Id: Ibeb43d6db22f597b9ffad07d16b925516ea1950d
Signed-off-by: Jaechul Lee <jcsing.lee@samsung.com>
Jaechul Lee [Thu, 16 Feb 2017 05:42:28 +0000 (14:42 +0900)]
packaging: removed code associated with module build
It is not need to build kernel modules, we don't use it.
Change-Id: I534648cf110ae606187a75bca6e49bd9d954eb33
Signed-off-by: Jaechul Lee <jcsing.lee@samsung.com>
Jaechul Lee [Wed, 15 Feb 2017 10:03:56 +0000 (19:03 +0900)]
packaging: baselibs didn't work.
if i use the name of rpm packages included '.' or '_' like
'linux-3.18-tizen_tw2', it will be failed to make armv7l rpm packages.
Signed-off-by: Jaechul Lee <jcsing.lee@samsung.com>
Jaechul Lee [Wed, 15 Feb 2017 08:24:48 +0000 (17:24 +0900)]
packaging: fixed baselibs contents.
added "+/" for making arm7l binary and changed rpm name.
Signed-off-by: Jaechul Lee <jcsing.lee@samsung.com>
Jaechul Lee [Wed, 15 Feb 2017 07:53:02 +0000 (16:53 +0900)]
packaging: added 'ExclusiveArch:aarch64'
TW2 should be built to use aarch64.
Signed-off-by: Jaechul Lee <jcsing.lee@samsung.com>
Jaechul Lee [Fri, 10 Feb 2017 05:25:48 +0000 (14:25 +0900)]
packaging: added baselibs.conf for building arm7l arch.
It also need to build kernel based on arm7l.
Signed-off-by: Jaechul Lee <jcsing.lee@samsung.com>
Jaechul Lee [Thu, 9 Feb 2017 00:18:19 +0000 (09:18 +0900)]
packaging: fixed the permission error when execute "scripts/exynos_*.sh"
script files for dtb were created with 644 permission in the scratchbox even
though i already changed perm to 755. Therefore, build will be failed when
execute "exynos_dtbtool.sh" because it doesn't have 'x' permission.
I tried to touch these files again and it worked well. I suspect that first
patch couldn't apply the file attribute. That's why i made this meaningless
commit.
Signed-off-by: Jaechul Lee <jcsing.lee@samsung.com>
Jaechul Lee [Wed, 8 Feb 2017 01:06:03 +0000 (10:06 +0900)]
packaging: removed useless BuildRequires.
Removed useless "BuildRequires" in the spec file such as gcc, lzop, python and
etc. It is possible to build kernel without these packages.
The reason why, kernel doesn't need to have dependencies these packages
associated with Tizen platform.
Signed-off-by: Jaechul Lee <jcsing.lee@samsung.com>
Jaechul Lee [Tue, 7 Feb 2017 09:53:06 +0000 (18:53 +0900)]
arm64: defconfig: disable SWAP_DA config.
removed useless config.
Signed-off-by: Jaechul Lee <jcsing.lee@samsung.com>
Jaechul Lee [Tue, 7 Feb 2017 03:53:43 +0000 (12:53 +0900)]
input: removed annoying input event logs.
Removed unnecessary logs when occuring hardkeys, touchscreen, rotary event.
Signed-off-by: Jaechul Lee <jcsing.lee@samsung.com>
Jaechul Lee [Tue, 7 Feb 2017 04:40:28 +0000 (13:40 +0900)]
arm64: defconfig: changed defconfig name to tw2 from solis
Removed unnecessary defconfigs and changed defconfig name to tw2.
Signed-off-by: Jaechul Lee <jcsing.lee@samsung.com>
Jin-young Jeon [Mon, 19 Dec 2016 05:53:50 +0000 (14:53 +0900)]
drm/tgm: tbm: implement prime import ops on gem_ion.
This patch implementes prime import for gem_ion.
Signed-off-by: Jin-young Jeon <jy0.jeon@samsung.com>
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Jin-young Jeon [Mon, 19 Dec 2016 04:57:47 +0000 (13:57 +0900)]
ion: add apis to get client property.
This patch adds APIs to get ion client property.
Signed-off-by: Jin-young Jeon <jy0.jeon@samsung.com>
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Seung-Woo Kim [Mon, 6 Feb 2017 11:31:46 +0000 (20:31 +0900)]
power-supply: sync supply properties and type
This patch fixes to sync supply properties and their type to avoid
int type in string type position.
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Seung-Woo Kim [Mon, 6 Feb 2017 11:29:56 +0000 (20:29 +0900)]
battery: p9220: adjust log and log level for get_property
The get_property function prints not matched value with info level,
so this patch adjusts value name and change to debug level.
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Jaechul Lee [Thu, 2 Feb 2017 10:38:08 +0000 (19:38 +0900)]
video: exynos: Add DECON_STATE_INIT in the suspend function
DECON_STATE_INIT is not defined in the suspend function. So, it return while
booting tizen. Besides, added logs to check the device state.
Errors
dpm_run_callback(): pm_genpd_suspend+0x0/0x78 returns -16
PM: Device
14830000.decon_fb failed to suspend: error -16
Signed-off-by: Jaechul Lee <jcsing.lee@samsung.com>
Jaechul Lee [Wed, 1 Feb 2017 02:22:48 +0000 (11:22 +0900)]
power: Removed unnecessary logs during booting and idle state.
Changed levels of unnecessary log to debug from error and info.
Moreover, changed error code to ENODATA from EINVAL to avoid printing out
too much logs during idle state.
Signed-off-by: Jaechul Lee <jcsing.lee@samsung.com>
Jaechul Lee [Mon, 30 Jan 2017 23:58:22 +0000 (08:58 +0900)]
packaging: Added '.gbs.conf' for partial build
Added gbs configuration file for enhanced building.
it makes gbs build faster than before.
Signed-off-by: Jaechul Lee <jcsing.lee@samsung.com>
Jaechul Lee [Thu, 26 Jan 2017 01:13:24 +0000 (10:13 +0900)]
packaging: Made build scripts for GBS.
Build scripts were fixed to be worked on GBS environment based on gcc6.
Signed-off-by: Jaechul Lee <jcsing.lee@samsung.com>
Seung-Woo Kim [Wed, 25 Jan 2017 10:31:12 +0000 (19:31 +0900)]
arm64: tizen_solis_defconfig: adjust smack options
This patch adjusts smack options to enable smack netfilter and
smack append signals.
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Roman Kubiak [Fri, 12 Jun 2015 10:32:57 +0000 (12:32 +0200)]
netfilter: nfnetlink_queue: add security context information
This patch adds an additional attribute when sending
packet information via netlink in netfilter_queue module.
It will send additional security context data, so that
userspace applications can verify this context against
their own security databases.
Signed-off-by: Roman Kubiak <r.kubiak@samsung.com>
Acked-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Casey Schaufler [Wed, 11 Feb 2015 20:52:32 +0000 (12:52 -0800)]
Smack: secmark connections
If the secmark is available us it on connection as
well as packet delivery.
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Casey Schaufler [Fri, 23 Jan 2015 17:31:01 +0000 (09:31 -0800)]
Smack: Repair netfilter dependency
On 1/23/2015 8:20 AM, Jim Davis wrote:
> Building with the attached random configuration file,
>
> security/smack/smack_netfilter.c: In function ‘smack_ipv4_output’:
> security/smack/smack_netfilter.c:55:6: error: ‘struct sk_buff’ has no
> member named ‘secmark’
> skb->secmark = skp->smk_secid;
> ^
> make[2]: *** [security/smack/smack_netfilter.o] Error 1
The existing Makefile used the wrong configuration option to
determine if smack_netfilter should be built. This sets it right.
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Casey Schaufler [Sat, 13 Dec 2014 01:08:40 +0000 (17:08 -0800)]
Smack: secmark support for netfilter
Smack uses CIPSO to label internet packets and thus provide
for access control on delivery of packets. The netfilter facility
was not used to allow for Smack to work properly without netfilter
configuration. Smack does not need netfilter, however there are
cases where it would be handy.
As a side effect, the labeling of local IPv4 packets can be optimized
and the handling of local IPv6 packets is just all out better.
The best part is that the netfilter tools use "contexts" that
are just strings, and they work just as well for Smack as they
do for SELinux.
All of the conditional compilation for IPv6 was implemented
by Rafal Krypa <r.krypa@samsung.com>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Seung-Woo Kim [Mon, 12 Dec 2016 08:35:26 +0000 (17:35 +0900)]
Smack: ignore private inode for file functions
The access to fd from anon_inode is always failed because there is
no set xattr operations. So this patch fixes to ignore private
inode including anon_inode for file functions.
It was only ignored for smack_file_receive() to share dma-buf fd,
but dma-buf has other functions like ioctl and mmap.
Reference: https://lkml.org/lkml/2015/4/17/16
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Rafal Krypa [Fri, 9 Dec 2016 13:03:04 +0000 (14:03 +0100)]
Smack: fix d_instantiate logic for sockfs and pipefs
Since
4b936885a (v2.6.32) all inodes on sockfs and pipefs are disconnected.
It caused filesystem specific code in smack_d_instantiate to be skipped,
because all inodes on those pseudo filesystems were treated as root inodes.
As a result all sockfs inodes had the Smack label set to floor.
In most cases access checks for sockets use socket_smack data so the inode
label is not important. But there are special cases that were broken.
One example would be calling fcntl with F_SETOWN command on a socket fd.
Now smack_d_instantiate expects all pipefs and sockfs inodes to be
disconnected and has the logic in appropriate place.
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
jooseong lee [Thu, 3 Nov 2016 10:54:39 +0000 (11:54 +0100)]
Smack: Assign smack_known_web label for kernel thread's
Assign smack_known_web label for kernel thread's socket
Creating struct sock by sk_alloc function in various kernel subsystems
like bluetooth doesn't call smack_socket_post_create(). In such case,
received sock label is the floor('_') label and makes access deny.
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
Acked-by: Casey Schaufler <casey@schaufler-ca.com>
Casey Schaufler [Tue, 30 Aug 2016 17:31:39 +0000 (10:31 -0700)]
Smack: Signal delivery as an append operation
Under a strict subject/object security policy delivering a
signal or delivering network IPC could be considered either
a write or an append operation. The original choice to make
both write operations leads to an issue where IPC delivery
is desired under policy, but delivery of signals is not.
This patch provides the option of making signal delivery
an append operation, allowing Smack rules that deny signal
delivery while allowing IPC. This was requested for Tizen.
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Seung-Woo Kim [Sat, 21 Jan 2017 03:32:05 +0000 (12:32 +0900)]
modem_if: remove not necessary comparison
The numerical comparison on boolean value causes build warning
with gcc 6, so this patch removes not necessary comparison.
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Seung-Woo Kim [Sat, 21 Jan 2017 03:28:57 +0000 (12:28 +0900)]
fix non proper indents for if clause
non proper indent for if clause causes build error with gcc 6. So
this patch fixes them.
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Seung-Woo Kim [Sat, 21 Jan 2017 03:26:22 +0000 (12:26 +0900)]
SWAP-DA: remove invalid semicolons on energy module
There are invalid semicolons after if clause on energy module and
it causes following build error with gcc 6, so this patch removes
the invalid semicolons.
kernel/swap/energy/energy.c: In function 'calc_wifi_recv_energy':
kernel/swap/energy/energy.c:640:2: error: this 'if' clause does not guard... [-Werror=misleading-indentation]
if (len <= 0 || check_wlan0(sock));
^~
kernel/swap/energy/energy.c:641:3: note: ...this statement, but the latter is misleadingly indented as if it is guarded by the 'if'
return;
^~~~~~
kernel/swap/energy/energy.c: In function 'calc_wifi_send_energy':
kernel/swap/energy/energy.c:653:2: error: this 'if' clause does not guard... [-Werror=misleading-indentation]
if (len <= 0 || check_wlan0(sock));
^~
kernel/swap/energy/energy.c:654:3: note: ...this statement, but the latter is misleadingly indented as if it is guarded by the 'if'
return;
^~~~~~
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Seung-Woo Kim [Tue, 17 Jan 2017 04:22:22 +0000 (13:22 +0900)]
net: bcm4358: fix not to check same value in macro
When BCMBUSTYPE is not defined, then BUSTYPE(bustype) is just
bustype. So comparing bustype and BUSTYPE(bustype) is not necessary.
This patch removes following build warning with gcc 6.
drivers/net/wireless/bcmdhd4358/siutils.c: In function 'si_doattach':
drivers/net/wireless/bcmdhd4358/siutils.c:512:14: warning: self-comparison always evaluates to false [-Wtautological-compare]
if (bustype != BUSTYPE(bustype)) {
^~
Change-Id: I1cac3dd31bcb86983469830013a1093ed9ceaa89
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Seung-Woo Kim [Sat, 21 Jan 2017 03:09:30 +0000 (12:09 +0900)]
trace: remove invalid semicolon after if clause
The commit
6f6f99a38132 ("trace: add non-hierarchical function_graph option"),
in https://android.googlesource.com/kernel/common.git/+/android-3.18,
added invalid semicolon after if clause, so it causes following
build error on gcc 6, so this patch removes the invalid seimicolon.
kernel/trace/trace_output.c: In function 'trace_graph_ret_raw':
kernel/trace/trace_output.c:976:2: error: this 'if' clause does not guard... [-Werror=misleading-indentation]
if (!trace_seq_printf(&iter->seq, "%lx %lld %lld %ld %d\n",
^~
kernel/trace/trace_output.c:982:3: note: ...this statement, but the latter is misleadingly indented as if it is guarded by the 'if'
return TRACE_TYPE_PARTIAL_LINE;
^~~~~~
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Arnd Bergmann [Tue, 10 May 2016 21:30:01 +0000 (23:30 +0200)]
kbuild: move -Wunused-const-variable to W=1 warning level
[ Upstream commit
c9c6837d39311b0cc14cdbe7c18e815ab44aefb1 ]
gcc-6 started warning by default about variables that are not
used anywhere and that are marked 'const', generating many
false positives in an allmodconfig build, e.g.:
arch/arm/mach-davinci/board-da830-evm.c:282:20: warning: 'da830_evm_emif25_pins' defined but not used [-Wunused-const-variable=]
arch/arm/plat-omap/dmtimer.c:958:34: warning: 'omap_timer_match' defined but not used [-Wunused-const-variable=]
drivers/bluetooth/hci_bcm.c:625:39: warning: 'acpi_bcm_default_gpios' defined but not used [-Wunused-const-variable=]
drivers/char/hw_random/omap-rng.c:92:18: warning: 'reg_map_omap4' defined but not used [-Wunused-const-variable=]
drivers/devfreq/exynos/exynos5_bus.c:381:32: warning: 'exynos5_busfreq_int_pm' defined but not used [-Wunused-const-variable=]
drivers/dma/mv_xor.c:1139:34: warning: 'mv_xor_dt_ids' defined but not used [-Wunused-const-variable=]
This is similar to the existing -Wunused-but-set-variable warning
that was added in an earlier release and that we disable by default
now and only enable when W=1 is set, so it makes sense to do
the same here. Once we have eliminated the majority of the
warnings for both, we can put them back into the default list.
We probably want this in backport kernels as well, to allow building
them with gcc-6 without introducing extra warnings.
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Acked-by: Olof Johansson <olof@lixom.net>
Acked-by: Lee Jones <lee.jones@linaro.org>
Cc: stable@vger.kernel.org
Signed-off-by: Michal Marek <mmarek@suse.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
Joe Perches [Thu, 25 Jun 2015 22:01:02 +0000 (15:01 -0700)]
compiler-gcc: integrate the various compiler-gcc[345].h files
[ Upstream commit
f320793e52aee78f0fbb8bcaf10e6614d2e67bfc ]
[ Upstream commit
cb984d101b30eb7478d32df56a0023e4603cba7f ]
As gcc major version numbers are going to advance rather rapidly in the
future, there's no real value in separate files for each compiler
version.
Deduplicate some of the macros #defined in each file too.
Neaten comments using normal kernel commenting style.
Signed-off-by: Joe Perches <joe@perches.com>
Cc: Andi Kleen <andi@firstfloor.org>
Cc: Michal Marek <mmarek@suse.cz>
Cc: Segher Boessenkool <segher@kernel.crashing.org>
Cc: Sasha Levin <levinsasha928@gmail.com>
Cc: Anton Blanchard <anton@samba.org>
Cc: Alan Modra <amodra@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
Seung-Woo Kim [Mon, 23 Jan 2017 07:53:32 +0000 (16:53 +0900)]
build: add exynos system-tools script files
This patch adds exynos system-tools script files to make
merged dtb file and merged kernel file with dtbs.
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Jaechul Lee [Thu, 26 Jan 2017 05:58:55 +0000 (14:58 +0900)]
Imported code from product.
Signed-off-by: Jaechul Lee <jcsing.lee@samsung.com>
Sasha Levin [Wed, 20 May 2015 15:04:50 +0000 (11:04 -0400)]
Linux 3.18.14
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
K. Y. Srinivasan [Thu, 19 Mar 2015 15:11:34 +0000 (08:11 -0700)]
Drivers: hv: vmbus: Don't wait after requesting offers
[ Upstream commit
73cffdb65e679b98893f484063462c045adcf212 ]
Don't wait after sending request for offers to the host. This wait is
unnecessary and simply adds 5 seconds to the boot time.
Signed-off-by: K. Y. Srinivasan <kys@microsoft.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
Thomas Hebb [Thu, 16 Apr 2015 19:47:18 +0000 (12:47 -0700)]
hfsplus: don't store special "osx" xattr prefix on-disk
[ Upstream commit
db579e76f06e78de011b2cb7e028740a82f5558c ]
On Mac OS X, HFS+ extended attributes are not namespaced. Since we want
to be compatible with OS X filesystems and yet still support the Linux
namespacing system, the hfsplus driver implements a special "osx"
namespace that is reported for any attribute that is not namespaced
on-disk. However, the current code for getting and setting these
unprefixed attributes is broken.
hfsplus_osx_setattr() and hfsplus_osx_getattr() are passed names that have
already had their "osx." prefixes stripped by the generic functions. The
functions first, quite correctly, check those names to make sure that they
aren't prefixed with a known namespace, which would allow namespace access
restrictions to be bypassed. However, the functions then prepend "osx."
to the name they're given before passing it on to hfsplus_getattr() and
hfsplus_setattr(). Not only does this cause the "osx." prefix to be
stored on-disk, defeating its purpose, it also breaks the check for the
special "com.apple.FinderInfo" attribute, which is reported for all files,
and as a consequence makes some userspace applications (e.g. GNU patch)
fail even when extended attributes are not otherwise in use.
There are five commits which have touched this particular code:
127e5f5ae51e ("hfsplus: rework functionality of getting, setting and deleting of extended attributes")
b168fff72109 ("hfsplus: use xattr handlers for removexattr")
bf29e886b242 ("hfsplus: correct usage of HFSPLUS_ATTR_MAX_STRLEN for non-English attributes")
fcacbd95e121 ("fs/hfsplus: move xattr_name allocation in hfsplus_getxattr()")
ec1bbd346f18 ("fs/hfsplus: move xattr_name allocation in hfsplus_setxattr()")
The first commit creates the functions to begin with. The namespace is
prepended by the original code, which I believe was correct at the time,
since hfsplus_?etattr() stripped the prefix if found. The second commit
removes this behavior from hfsplus_?etattr() and appears to have been
intended to also remove the prefixing from hfsplus_osx_?etattr().
However, what it actually does is remove a necessary strncpy() call
completely, breaking the osx namespace entirely. The third commit re-adds
the strncpy() call as it was originally, but doesn't mention it in its
commit message. The final two commits refactor the code and don't affect
its functionality.
This commit does what b168fff attempted to do (prevent the prefix from
being added), but does it properly, instead of passing in an empty buffer
(which is what b168fff actually did).
Fixes:
b168fff72109 ("hfsplus: use xattr handlers for removexattr")
Signed-off-by: Thomas Hebb <tommyhebb@gmail.com>
Cc: Hin-Tak Leung <htl10@users.sourceforge.net>
Cc: Sergei Antonov <saproj@gmail.com>
Cc: Anton Altaparmakov <anton@tuxera.com>
Cc: Fabian Frederick <fabf@skynet.be>
Cc: Christian Kujau <lists@nerdbynature.de>
Cc: Christoph Hellwig <hch@infradead.org>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Viacheslav Dubeyko <slava@dubeyko.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
Christian König [Mon, 27 Apr 2015 15:04:36 +0000 (17:04 +0200)]
drm/radeon: check new address before removing old one
[ Upstream commit
c29c0876ec05d51a93508a39b90b92c29ba6423d ]
Otherwise the change isn't atomic.
Signed-off-by: Christian König <christian.koenig@amd.com>
CC: stable@vger.kernel.org
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
Alex Deucher [Mon, 27 Apr 2015 13:51:43 +0000 (09:51 -0400)]
drm/radeon: add SI DPM quirk for Sapphire R9 270 Dual-X 2G GDDR5
[ Upstream commit
cd17e02ff4db58ec32d35cf331c705d295779930 ]
Seems to have problems with high mclks.
bug:
https://bugs.freedesktop.org/show_bug.cgi?id=76490
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
Alex Deucher [Sun, 19 Apr 2015 16:01:00 +0000 (12:01 -0400)]
drm/radeon: adjust pll when audio is not enabled
[ Upstream commit
7fe04d6fa824ccea704535a597dc417c8687f990 ]
Fixes display problems with some monitors when audio
is not enabled.
Bugs:
https://bugs.freedesktop.org/show_bug.cgi?id=89505
https://bugzilla.kernel.org/show_bug.cgi?id=94171
Plus several reports on IRC.
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
Christoph Hellwig [Thu, 23 Apr 2015 07:48:49 +0000 (09:48 +0200)]
3w-sas: fix command completion race
[ Upstream commit
579d69bc1fd56d5af5761969aa529d1d1c188300 ]
The 3w-sas driver needs to tear down the dma mappings before returning
the command to the midlayer, as there is no guarantee the sglist and
count are valid after that point. Also remove the dma mapping helpers
which have another inherent race due to the request_id index.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Reported-by: Torsten Luettgert <ml-lkml@enda.eu>
Tested-by: Bernd Kardatzki <Bernd.Kardatzki@med.uni-tuebingen.de>
Cc: stable@vger.kernel.org
Acked-by: Adam Radford <aradford@gmail.com>
Signed-off-by: James Bottomley <JBottomley@Odin.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
Christoph Hellwig [Thu, 23 Apr 2015 07:48:51 +0000 (09:48 +0200)]
3w-9xxx: fix command completion race
[ Upstream commit
118c855b5623f3e2e6204f02623d88c09e0c34de ]
The 3w-9xxx driver needs to tear down the dma mappings before returning
the command to the midlayer, as there is no guarantee the sglist and
count are valid after that point. Also remove the dma mapping helpers
which have another inherent race due to the request_id index.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Cc: stable@vger.kernel.org
Acked-by: Adam Radford <aradford@gmail.com>
Signed-off-by: James Bottomley <JBottomley@Odin.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
Christoph Hellwig [Thu, 23 Apr 2015 07:48:50 +0000 (09:48 +0200)]
3w-xxxx: fix command completion race
[ Upstream commit
9cd9554615cba14f0877cc9972a6537ad2bdde61 ]
The 3w-xxxx driver needs to tear down the dma mappings before returning
the command to the midlayer, as there is no guarantee the sglist and
count are valid after that point. Also remove the dma mapping helpers
which have another inherent race due to the request_id index.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Cc: stable@vger.kernel.org
Acked-by: Adam Radford <aradford@gmail.com>
Signed-off-by: James Bottomley <JBottomley@Odin.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
Davide Italiano [Sun, 3 May 2015 03:21:15 +0000 (23:21 -0400)]
ext4: move check under lock scope to close a race.
[ Upstream commit
280227a75b56ab5d35854f3a77ef74a7ad56a203 ]
fallocate() checks that the file is extent-based and returns
EOPNOTSUPP in case is not. Other tasks can convert from and to
indirect and extent so it's safe to check only after grabbing
the inode mutex.
Signed-off-by: Davide Italiano <dccitaliano@gmail.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@vger.kernel.org
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
Lukas Czerner [Sun, 3 May 2015 01:36:55 +0000 (21:36 -0400)]
ext4: fix data corruption caused by unwritten and delayed extents
[ Upstream commit
d2dc317d564a46dfc683978a2e5a4f91434e9711 ]
Currently it is possible to lose whole file system block worth of data
when we hit the specific interaction with unwritten and delayed extents
in status extent tree.
The problem is that when we insert delayed extent into extent status
tree the only way to get rid of it is when we write out delayed buffer.
However there is a limitation in the extent status tree implementation
so that when inserting unwritten extent should there be even a single
delayed block the whole unwritten extent would be marked as delayed.
At this point, there is no way to get rid of the delayed extents,
because there are no delayed buffers to write out. So when a we write
into said unwritten extent we will convert it to written, but it still
remains delayed.
When we try to write into that block later ext4_da_map_blocks() will set
the buffer new and delayed and map it to invalid block which causes
the rest of the block to be zeroed loosing already written data.
For now we can fix this by simply not allowing to set delayed status on
written extent in the extent status tree. Also add WARN_ON() to make
sure that we notice if this happens in the future.
This problem can be easily reproduced by running the following xfs_io.
xfs_io -f -c "pwrite -S 0xaa 4096 2048" \
-c "falloc 0 131072" \
-c "pwrite -S 0xbb 65536 2048" \
-c "fsync" /mnt/test/fff
echo 3 > /proc/sys/vm/drop_caches
xfs_io -c "pwrite -S 0xdd 67584 2048" /mnt/test/fff
This can be theoretically also reproduced by at random by running fsx,
but it's not very reliable, though on machines with bigger page size
(like ppc) this can be seen more often (especially xfstest generic/127)
Signed-off-by: Lukas Czerner <lczerner@redhat.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@vger.kernel.org
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
Hans de Goede [Tue, 21 Apr 2015 09:20:32 +0000 (11:20 +0200)]
uas: Set max_sectors_240 quirk for ASM1053 devices
[ Upstream commit
8e779c6c4a398763c21371fe40f649206041dc1e ]
Testing has shown that ASM1053 devices do not work properly with transfers
larger than 240 sectors, so set max_sectors to 240 on these.
Cc: stable@vger.kernel.org # 3.16
Reported-by: Steve Bangert <sbangert@frontier.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Tested-by: Steve Bangert <sbangert@frontier.com>
Acked-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
Hans de Goede [Tue, 21 Apr 2015 09:20:31 +0000 (11:20 +0200)]
uas: Add US_FL_MAX_SECTORS_240 flag
[ Upstream commit
ee136af4a064c2f61e2025873584d2c7ec93f4ae ]
The usb-storage driver sets max_sectors = 240 in its scsi-host template,
for uas we do not want to do that for all devices, but testing has shown
that some devices need it.
This commit adds a US_FL_MAX_SECTORS_240 flag for such devices, and
implements support for it in uas.c, while at it it also adds support
for US_FL_MAX_SECTORS_64 to uas.c.
Cc: stable@vger.kernel.org # 3.16
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Acked-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
Hans de Goede [Tue, 21 Apr 2015 09:20:30 +0000 (11:20 +0200)]
uas: Allow uas_use_uas_driver to return usb-storage flags
[ Upstream commit
a5011d44f0e1117a6db14b19b57c51f8be5673a0 ]
uas_use_uas_driver may set some US_FL_foo flags during detection, currently
these are stored in a local variable and then throw away, but these may be
of interest to the caller, so add an extra parameter to (optionally) return
the detected flags, and use this in the uas driver.
Cc: stable@vger.kernel.org # 3.16
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Acked-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
Ilya Dryomov [Sat, 25 Apr 2015 12:56:15 +0000 (15:56 +0300)]
rbd: end I/O the entire obj_request on error
[ Upstream commit
082a75dad84d79d1c15ea9e50f31cb4bb4fa7fd6 ]
When we end I/O struct request with error, we need to pass
obj_request->length as @nr_bytes so that the entire obj_request worth
of bytes is completed. Otherwise block layer ends up confused and we
trip on
rbd_assert(more ^ (which == img_request->obj_request_count));
in rbd_img_obj_callback() due to more being true no matter what. We
already do it in most cases but we are missing some, in particular
those where we don't even get a chance to submit any obj_requests, due
to an early -ENOMEM for example.
A number of obj_request->xferred assignments seem to be redundant but
I haven't touched any of obj_request->xferred stuff to keep this small
and isolated.
Cc: Alex Elder <elder@linaro.org>
Cc: stable@vger.kernel.org # 3.10+
Reported-by: Shawn Edwards <lesser.evil@gmail.com>
Reviewed-by: Sage Weil <sage@redhat.com>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
Ludovic Desroches [Thu, 16 Apr 2015 14:58:12 +0000 (16:58 +0200)]
tty/serial: at91: maxburst was missing for dma transfers
[ Upstream commit
a8d4e01637902311c5643b69a5c80e2805f04054 ]
Maxburst was not set when doing the dma slave configuration. This value
is checked by the recently introduced xdmac. It causes an error when
doing the slave configuration and so prevents from using dma.
Signed-off-by: Ludovic Desroches <ludovic.desroches@atmel.com>
Cc: <stable@vger.kernel.org> # 3.12 and later
Acked-by: Nicolas Ferre <nicolas.ferre@atmel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
Chris Bainbridge [Wed, 22 Apr 2015 15:40:21 +0000 (16:40 +0100)]
ACPI / SBS: Enable battery manager when present
[ Upstream commit
61f8ff693923e4b19748b0e8287b99778f2661c7 ]
Commit
9faf6136ff46 (ACPI / SBS: Disable smart battery manager on
Apple) introduced a regression disabling the SBS battery manager.
The battery manager should be marked as present when
acpi_manager_get_info() returns 0.
Fixes:
9faf6136ff46 (ACPI / SBS: Disable smart battery manager on Apple)
Signed-off-by: Chris Bainbridge <chris.bainbridge@gmail.com>
Cc: 3.18+ <stable@vger.kernel.org> # 3.18+
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
Omar Sandoval [Fri, 10 Apr 2015 21:20:40 +0000 (14:20 -0700)]
btrfs: unlock i_mutex after attempting to delete subvolume during send
[ Upstream commit
909e26dce3f7600f5e293ac0522c28790a0c8c9c ]
Whenever the check for a send in progress introduced in commit
521e0546c970 (btrfs: protect snapshots from deleting during send) is
hit, we return without unlocking inode->i_mutex. This is easy to see
with lockdep enabled:
[ +0.000059] ================================================
[ +0.000028] [ BUG: lock held when returning to user space! ]
[ +0.000029] 4.0.0-rc5-00096-g3c435c1 #93 Not tainted
[ +0.000026] ------------------------------------------------
[ +0.000029] btrfs/211 is leaving the kernel with locks still held!
[ +0.000029] 1 lock held by btrfs/211:
[ +0.000023] #0: (&type->i_mutex_dir_key){+.+.+.}, at: [<
ffffffff8135b8df>] btrfs_ioctl_snap_destroy+0x2df/0x7a0
Make sure we unlock it in the error path.
Reviewed-by: Filipe Manana <fdmanana@suse.com>
Reviewed-by: David Sterba <dsterba@suse.cz>
Cc: stable@vger.kernel.org
Signed-off-by: Omar Sandoval <osandov@osandov.com>
Signed-off-by: Chris Mason <clm@fb.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
Bard Liao [Tue, 28 Apr 2015 03:27:39 +0000 (11:27 +0800)]
ASoC: rt5677: fixed wrong DMIC ref clock
[ Upstream commit
60a8d62b8497c23eb3d48149af7e55dac2dd83a2 ]
DMIC clock source is not from codec system clock directly. it is
generated from the division of system clock. And it should be 256 *
sample rate of AIF1.
Signed-off-by: Bard Liao <bardliao@realtek.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
Cc: stable@vger.kernel.org
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
Charles Keepax [Wed, 22 Apr 2015 12:58:47 +0000 (13:58 +0100)]
ASoC: dapm: Enable autodisable on SOC_DAPM_SINGLE_TLV_AUTODISABLE
[ Upstream commit
a2d97723cb3a7741af81868427b36bba274b681b ]
Correct small copy and paste error where autodisable was not being
enabled for the SOC_DAPM_SINGLE_TLV_AUTODISABLE control.
Signed-off-by: Charles Keepax <ckeepax@opensource.wolfsonmicro.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
Cc: stable@vger.kernel.org
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
Wei Yongjun [Thu, 16 Apr 2015 12:18:02 +0000 (20:18 +0800)]
ASoC: samsung: s3c24xx-i2s: Fix return value check in s3c24xx_iis_dev_probe()
[ Upstream commit
c479163a1b6ab424786fbcd9225b4e3c1c58eb0b ]
In case of error, the function devm_ioremap_resource() returns
ERR_PTR() and never returns NULL. The NULL test in the return
value check should be replaced with IS_ERR().
Signed-off-by: Wei Yongjun <yongjun_wei@trendmicro.com.cn>
Reviewed-by: Krzysztof Kozlowski <k.kozlowski.k@gmail.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
Cc: stable@vger.kernel.org
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
Li Jun [Sun, 12 Apr 2015 09:51:02 +0000 (17:51 +0800)]
usb: chipidea: otg: remove mutex unlock and lock while stop and start role
[ Upstream commit
a5a356cee89f86ff86cc3ce24136ca1f802c1bf1 ]
Wrongly release mutex lock during otg_statemachine may result in re-enter
otg_statemachine, which is not allowed, we should do next state transtition
after previous one completed.
Fixes:
826cfe751f3e ("usb: chipidea: add OTG fsm operation functions implementation")
Cc: <stable@vger.kernel.org> # v3.16+
Signed-off-by: Li Jun <jun.li@freescale.com>
Signed-off-by: Peter Chen <peter.chen@freescale.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
Marek Szyprowski [Thu, 23 Apr 2015 11:46:16 +0000 (12:46 +0100)]
arm64: dma-mapping: always clear allocated buffers
[ Upstream commit
6829e274a623187c24f7cfc0e3d35f25d087fcc5 ]
Buffers allocated by dma_alloc_coherent() are always zeroed on Alpha,
ARM (32bit), MIPS, PowerPC, x86/x86_64 and probably other architectures.
It turned out that some drivers rely on this 'feature'. Allocated buffer
might be also exposed to userspace with dma_mmap() call, so clearing it
is desired from security point of view to avoid exposing random memory
to userspace. This patch unifies dma_alloc_coherent() behavior on ARM64
architecture with other implementations by unconditionally zeroing
allocated buffer.
Cc: <stable@vger.kernel.org> # v3.14+
Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
Michal Simek [Mon, 13 Apr 2015 14:34:21 +0000 (16:34 +0200)]
serial: xilinx: Use platform_get_irq to get irq description structure
[ Upstream commit
5c90c07b98c02198d9777a7c4f3047b0a94bf7ed ]
For systems with CONFIG_SERIAL_OF_PLATFORM=y and device_type =
"serial"; property in DT of_serial.c driver maps and unmaps IRQ (because
driver probe fails). Then a driver is called but irq mapping is not
created that's why driver is failing again in again on request_irq().
Based on this use platform_get_irq() instead of platform_get_resource()
which is doing irq_desc allocation and driver itself can request IRQ.
Fix both xilinx serial drivers in the tree.
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
CC: <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
Michal Simek [Tue, 14 Apr 2015 10:03:09 +0000 (12:03 +0200)]
serial: of-serial: Remove device_type = "serial" registration
[ Upstream commit
6befa9d883385c580369a2cc9e53fbf329771f6d ]
Do not probe all serial drivers by of_serial.c which are using
device_type = "serial"; property. Only drivers which have valid
compatible strings listed in the driver should be probed.
When PORT_UNKNOWN is setup probe will fail anyway.
Arnd quotation about driver historical background:
"when I wrote that driver initially, the idea was that it would
get used as a stub to hook up all other serial drivers but after
that, the common code learned to create platform devices from DT"
This patch fix the problem with on the system with xilinx_uartps and
16550a where of_serial failed to register for xilinx_uartps and because
of irq_dispose_mapping() removed irq_desc. Then when xilinx_uartps was asking
for irq with request_irq() EINVAL is returned.
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
CC: <stable@vger.kernel.org>
Acked-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
Quentin Casasnovas [Tue, 14 Apr 2015 09:25:43 +0000 (11:25 +0200)]
cdc-acm: prevent infinite loop when parsing CDC headers.
[ Upstream commit
0d3bba0287d4e284c3ec7d3397e81eec920d5e7e ]
Phil and I found out a problem with commit:
7e860a6e7aa6 ("cdc-acm: add sanity checks")
It added some sanity checks to ignore potential garbage in CDC headers but
also introduced a potential infinite loop. This can happen at the first
loop iteration (elength = 0 in that case) if the description isn't a
DT_CS_INTERFACE or later if 'buffer[0]' is zero.
It should also be noted that the wrong length was being added to 'buffer'
in case 'buffer[1]' was not a DT_CS_INTERFACE descriptor, since elength was
assigned after that check in the loop.
A specially crafted USB device could be used to trigger this infinite loop.
Fixes:
7e860a6e7aa6 ("cdc-acm: add sanity checks")
Signed-off-by: Phil Turnbull <phil.turnbull@oracle.com>
Signed-off-by: Quentin Casasnovas <quentin.casasnovas@oracle.com>
CC: Sergei Shtylyov <sergei.shtylyov@cogentembedded.com>
CC: Oliver Neukum <oneukum@suse.de>
CC: Adam Lee <adam8157@gmail.com>
CC: <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
Oliver Neukum [Wed, 28 Jan 2015 10:14:55 +0000 (11:14 +0100)]
cdc-acm: add sanity checks
[ Upstream commit
7e860a6e7aa62b337a61110430cd633db5b0d2dd ]
Check the special CDC headers for a plausible minimum length.
Another big operating systems ignores such garbage.
Signed-off-by: Oliver Neukum <oneukum@suse.de>
CC: stable@vger.kernel.org
Reviewed-by: Adam Lee <adam8157@gmail.com>
Tested-by: Adam Lee <adam8157@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
Takashi Iwai [Mon, 27 Apr 2015 08:40:45 +0000 (10:40 +0200)]
ALSA: hda - Add mute-LED mode control to Thinkpad
[ Upstream commit
7290006d8c0900c56d8c58428134f02c35109d17 ]
This patch adds the missing flag to enable "Mute-LED Mode" mixer enum
ctl for Thinkpads that have also the software mute-LED control.
Reported-and-tested-by: Pali Rohár <pali.rohar@gmail.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
projects / profile / wearable / platform / kernel / linux-3.18-exynos7270.git / log