Hans Verkuil [Wed, 28 Mar 2018 18:12:27 +0000 (15:12 -0300)]
media: v4l2-compat-ioctl32.c: fix ctrl_is_pointer
commit
b8c601e8af2d08f733d74defa8465303391bb930 upstream.
ctrl_is_pointer just hardcoded two known string controls, but that
caused problems when using e.g. custom controls that use a pointer
for the payload.
Reimplement this function: it now finds the v4l2_ctrl (if the driver
uses the control framework) or it calls vidioc_query_ext_ctrl (if the
driver implements that directly).
In both cases it can now check if the control is a pointer control
or not.
Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
Acked-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[sw0312.kim: cherry-pick from linux-3.18.y to apply CVE patch]
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Change-Id: Iead5cedaa99187b870ff120fb737640a37ab09c1
Hans Verkuil [Wed, 28 Mar 2018 18:12:26 +0000 (15:12 -0300)]
media: v4l2-compat-ioctl32.c: copy m.userptr in put_v4l2_plane32
commit
8ed5a59dcb47a6f76034ee760b36e089f3e82529 upstream.
The struct v4l2_plane32 should set m.userptr as well. The same
happens in v4l2_buffer32 and v4l2-compliance tests for this.
Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
Acked-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[sw0312.kim: cherry-pick from linux-3.18.y to apply CVE patch]
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Change-Id: Ib603e608bb945be880e1bab1233a7063812956ef
Hans Verkuil [Wed, 28 Mar 2018 18:12:25 +0000 (15:12 -0300)]
media: v4l2-compat-ioctl32.c: avoid sizeof(type)
commit
333b1e9f96ce05f7498b581509bb30cde03018bf upstream.
Instead of doing sizeof(struct foo) use sizeof(*up). There even were
cases where 4 * sizeof(__u32) was used instead of sizeof(kp->reserved),
which is very dangerous when the size of the reserved array changes.
Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
Acked-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[sw0312.kim: cherry-pick from linux-3.18.y to apply CVE patch]
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Change-Id: I66c5ebf8cdf0a7fbd15c236804f85f7fc77422b3
Hans Verkuil [Wed, 28 Mar 2018 18:12:24 +0000 (15:12 -0300)]
media: v4l2-compat-ioctl32.c: move 'helper' functions to __get/put_v4l2_format32
commit
486c521510c44a04cd756a9267e7d1e271c8a4ba upstream.
These helper functions do not really help. Move the code to the
__get/put_v4l2_format32 functions.
Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
Acked-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[sw0312.kim: cherry-pick from linux-3.18.y to apply CVE patch]
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Change-Id: I055f604210da7586257dcfa667d4d02d92f98697
Hans Verkuil [Wed, 24 Jan 2018 09:35:48 +0000 (04:35 -0500)]
media: v4l2-compat-ioctl32.c: fix the indentation
commit
b7b957d429f601d6d1942122b339474f31191d75 upstream.
The indentation of this source is all over the place. Fix this.
This patch only changes whitespace.
Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
Acked-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Cc: <stable@vger.kernel.org> # for v4.15 and up
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[sw0312.kim: cherry-pick from linux-3.18.y to apply CVE patch]
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Change-Id: I32d44cc5a5e598fe44cfa31f72fb1adee9aee903
Hans Verkuil [Wed, 24 Jan 2018 13:37:04 +0000 (08:37 -0500)]
media: v4l2-compat-ioctl32.c: add missing VIDIOC_PREPARE_BUF
commit
3ee6d040719ae09110e5cdf24d5386abe5d1b776 upstream.
The result of the VIDIOC_PREPARE_BUF ioctl was never copied back
to userspace since it was missing in the switch.
Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
Acked-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Cc: <stable@vger.kernel.org> # for v4.15 and up
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[sw0312.kim: cherry-pick from linux-3.18.y to apply CVE patch]
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Change-Id: I46cfe614d06f3e5885e29f8e07f0196398fb837c
Ricardo Ribalda [Mon, 20 Jun 2016 12:47:22 +0000 (09:47 -0300)]
vb2: V4L2_BUF_FLAG_DONE is set after DQBUF
commit
3171cc2b4eb9831ab4df1d80d0410a945b8bc84e upstream.
According to the doc, V4L2_BUF_FLAG_DONE is cleared after DQBUF:
V4L2_BUF_FLAG_DONE 0x00000004 ... After calling the VIDIOC_QBUF or
VIDIOC_DQBUF it is always cleared ...
Unfortunately, it seems that videobuf2 keeps it set after DQBUF. This
can be tested with vivid and dev_debug:
[257604.338082] video1: VIDIOC_DQBUF: 71:33:25.
00260479 index=3,
type=vid-cap, flags=0x00002004, field=none, sequence=163,
memory=userptr, bytesused=460800, offset/userptr=0x344b000,
length=460800
This patch forces FLAG_DONE to 0 after calling DQBUF.
Reported-by: Dimitrios Katsaros <patcherwork@gmail.com>
Signed-off-by: Ricardo Ribalda Delgado <ricardo.ribalda@gmail.com>
Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[sw0312.kim: cherry-pick from linux-3.18.y]
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Change-Id: I22dc967ed1cceece77e6235c72ebdb3472bd4245
Hans Verkuil [Tue, 30 Jan 2018 08:50:01 +0000 (03:50 -0500)]
media: v4l2-ioctl.c: don't copy back the result for -ENOTTY
commit
181a4a2d5a0a7b43cab08a70710d727e7764ccdd upstream.
If the ioctl returned -ENOTTY, then don't bother copying
back the result as there is no point.
Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
Acked-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Cc: <stable@vger.kernel.org> # for v4.15 and up
Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[sw0312.kim: cherry-pick from linux-3.18.y to apply CVE patch]
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Change-Id: I74f89733fb3be9adb9ba8026be1dc699bed0445f
Ricardo Ribalda Delgado [Tue, 17 Oct 2017 15:48:50 +0000 (11:48 -0400)]
media: v4l2-ctrl: Fix flags field on Control events
commit
9cac9d2fb2fe0e0cadacdb94415b3fe49e3f724f upstream.
VIDIOC_DQEVENT and VIDIOC_QUERY_EXT_CTRL should give the same output for
the control flags field.
This patch creates a new function user_flags(), that calculates the user
exported flags value (which is different than the kernel internal flags
structure). This function is then used by all the code that exports the
internal flags to userspace.
Reported-by: Dimitrios Katsaros <patcherwork@gmail.com>
Signed-off-by: Ricardo Ribalda Delgado <ricardo.ribalda@gmail.com>
Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[sw0312.kim: cherry-pick from linux-3.18.y]
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Change-Id: I7ce4c954bdf559e7cf60816202e4fb1f2fa2ad90
Daniel Mentz [Thu, 3 Aug 2017 03:42:17 +0000 (23:42 -0400)]
media: v4l2-compat-ioctl32: Fix timespec conversion
commit
9c7ba1d7634cef490b85bc64c4091ff004821bfd upstream.
Certain syscalls like recvmmsg support 64 bit timespec values for the
X32 ABI. The helper function compat_put_timespec converts a timespec
value to a 32 bit or 64 bit value depending on what ABI is used. The
v4l2 compat layer, however, is not designed to support 64 bit timespec
values and always uses 32 bit values. Hence, compat_put_timespec must
not be used.
Without this patch, user space will be provided with bad timestamp
values from the VIDIOC_DQEVENT ioctl. Also, fields of the struct
v4l2_event32 that come immediately after timestamp get overwritten,
namely the field named id.
Fixes: 81993e81a994 ("compat: Get rid of (get|put)_compat_time(val|spec)")
Cc: H. Peter Anvin <hpa@linux.intel.com>
Cc: Laurent Pinchart <laurent.pinchart+renesas@ideasonboard.com>
Cc: Tiffany Lin <tiffany.lin@mediatek.com>
Cc: Ricardo Ribalda Delgado <ricardo.ribalda@gmail.com>
Cc: Sakari Ailus <sakari.ailus@linux.intel.com>
Signed-off-by: Daniel Mentz <danielmentz@google.com>
Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[sw0312.kim: cherry-pick from linux-3.18.y]
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Change-Id: I713662fe9e2103c91fe717929116ae28c57e150d
Christophe JAILLET [Fri, 28 Apr 2017 04:51:40 +0000 (01:51 -0300)]
vb2: Fix an off by one error in 'vb2_plane_vaddr'
commit
5ebb6dd36c9f5fb37b1077b393c254d70a14cb46 upstream.
We should ensure that 'plane_no' is '< vb->num_planes' as done in
'vb2_plane_cookie' just a few lines below.
Fixes: e23ccc0ad925 ("[media] v4l: add videobuf2 Video for Linux 2 driver framework")
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Reviewed-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[sw0312.kim: cherry-pick from linux-3.18.y]
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Change-Id: I78542d0bb4c29c29a1c111cebed7ece2fc6d81cf
Linus Torvalds [Tue, 21 Apr 2015 19:49:33 +0000 (12:49 -0700)]
media: remove unused variable that causes a warning
commit
1d11437f4fd02f9b5d3749675a1232216787dcc6 upstream.
My 'allmodconfig' build is _almost_ free of warnings, and most of the
remaining ones are for legacy drivers that just do bad things that I
can't find it in my black heart to care too much about. But this one
was just annoying me:
drivers/media/v4l2-core/videobuf2-core.c:3256:26: warning: unused variable ‘fileio’ [-Wunused-variable]
because commit
0e661006370b ("[media] vb2: fix 'UNBALANCED' warnings
when calling vb2_thread_stop()") removed all users of 'fileio' and
instead calls "__vb2_cleanup_fileio(q)" to clean up q->fileio. But the
now unused 'fileio' variable was left around.
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[sw0312.kim: cherry-pick from linux-3.18.y]
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Change-Id: Ibcc1613a6740e15d51218a4373647f262088c1d1
Tiffany Lin [Tue, 19 Jan 2016 07:56:50 +0000 (05:56 -0200)]
media: v4l2-compat-ioctl32: fix missing length copy in put_v4l2_buffer32
[ Upstream commit
7df5ab8774aa383c6d2bff00688d004585d96dfd ]
In v4l2-compliance utility, test QUERYBUF required correct length
value to go through each planar to check planar's length in
multi-planar buffer type
Signed-off-by: Tiffany Lin <tiffany.lin@mediatek.com>
Reviewed-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
Cc: <stable@vger.kernel.org> # for v3.7 and up
Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
[sw0312.kim: cherry-pick from linux-3.18.y]
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Change-Id: I08b90f7703cb8e46c3e26d8d596f806f9c24185e
Sasha Levin [Mon, 1 Feb 2016 16:27:06 +0000 (11:27 -0500)]
vb2: fix a regression in poll() behavior for output,streams
[ Upstream commit
4623e5967448444a4ea1e77beb58898c4af48693 ]
In the 3.17 kernel the poll() behavior changed for output streams:
as long as not all buffers were queued up poll() would return that
userspace can write. This is fine for the write() call, but when
using stream I/O this changed the behavior since the expectation
was that it would wait for buffers to become available for dequeuing.
This patch only enables the check whether you can queue buffers
for file I/O only, and skips it for stream I/O.
Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
Acked-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Cc: <stable@vger.kernel.org> # for v3.17 and up
Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
[sw0312.kim: cherry-pick from linux-3.18.y]
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Change-Id: I6874d98e4881c059d592addb2e9767d398d82262
Liping Zhang [Tue, 28 Mar 2017 14:59:25 +0000 (22:59 +0800)]
netfilter: nfnetlink_queue: fix secctx memory leak
We must call security_release_secctx to free the memory returned by
security_secid_to_secctx, otherwise memory may be leaked forever.
Fixes: ef493bd930ae ("netfilter: nfnetlink_queue: add security context information")
Signed-off-by: Liping Zhang <zlpnobody@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
[sw0312.kim: backport the commit
77c1c03c5b8 from mainline to fix already backported commit
- the commit
ef493bd930ae ("netfilter: nfnetlink_queue: add security context information") was backported for nether.service in tizen
- change in net/netfilter/nfnetlink_queue.c is applied to net/netfilter/nfnetlink_queue_core.c]
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Change-Id: Ifbc5f96bb6039503b7390864936fe6eda2e53acb
Roman Gushchin [Fri, 17 Nov 2017 23:26:45 +0000 (15:26 -0800)]
proc, coredump: add CoreDumping flag to /proc/pid/status
Right now there is no convenient way to check if a process is being
coredumped at the moment.
It might be necessary to recognize such state to prevent killing the
process and getting a broken coredump. Writing a large core might take
significant time, and the process is unresponsive during it, so it might
be killed by timeout, if another process is monitoring and
killing/restarting hanging tasks.
We're getting a significant number of corrupted coredump files on
machines in our fleet, just because processes are being killed by
timeout in the middle of the core writing process.
We do have a process health check, and some agent is responsible for
restarting processes which are not responding for health check requests.
Writing a large coredump to the disk can easily exceed the reasonable
timeout (especially on an overloaded machine).
This flag will allow the agent to distinguish processes which are being
coredumped, extend the timeout for them, and let them produce a full
coredump file.
To provide an ability to detect if a process is in the state of being
coredumped, we can expose a boolean CoreDumping flag in
/proc/pid/status.
Example:
$ cat core.sh
#!/bin/sh
echo "|/usr/bin/sleep 10" > /proc/sys/kernel/core_pattern
sleep 1000 &
PID=$!
cat /proc/$PID/status | grep CoreDumping
kill -ABRT $PID
sleep 1
cat /proc/$PID/status | grep CoreDumping
$ ./core.sh
CoreDumping: 0
CoreDumping: 1
[guro@fb.com: document CoreDumping flag in /proc/<pid>/status]
Link: http://lkml.kernel.org/r/20170928135357.GA8470@castle.DHCP.thefacebook.com
Link: http://lkml.kernel.org/r/20170920230634.31572-1-guro@fb.com
Signed-off-by: Roman Gushchin <guro@fb.com>
Cc: Alexander Viro <viro@zeniv.linux.org.uk>
Cc: Ingo Molnar <mingo@kernel.org>
Cc: Konstantin Khlebnikov <koct9i@gmail.com>
Cc: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
[inki.dae: backported from mainline - commit :
c643401218be
On Tizen, there is one issue that a process doing coredump can be killed.
This patch allows a process to detect if given process is being dumped.
With this, Tizen can exclude such process from 'kill list' so that
coredump process can finish coredump work.]
Signed-off-by: Inki Dae <inki.dae@samsung.com>
Change-Id: I7ddd9fc618942244bd7e8523be3f080504cc9a06
Jaehoon Chung [Mon, 16 Oct 2017 10:18:19 +0000 (19:18 +0900)]
packaging: add the dzImage-recovery image
Add the dzImage-recovery image as using recovery.
Change-Id: Iafac3bdbd8165a12701fa12c6ddd2ca23ab91d2d
Signed-off-by: Jaehoon Chung <jh80.chung@samsung.com>
zhong jiang [Wed, 28 Sep 2016 22:22:30 +0000 (15:22 -0700)]
mm,ksm: fix endless looping in allocating memory when ksm enable
[ Upstream commit
5b398e416e880159fe55eefd93c6588fa072cd66 ]
I hit the following hung task when runing a OOM LTP test case with 4.1
kernel.
Call trace:
[<
ffffffc000086a88>] __switch_to+0x74/0x8c
[<
ffffffc000a1bae0>] __schedule+0x23c/0x7bc
[<
ffffffc000a1c09c>] schedule+0x3c/0x94
[<
ffffffc000a1eb84>] rwsem_down_write_failed+0x214/0x350
[<
ffffffc000a1e32c>] down_write+0x64/0x80
[<
ffffffc00021f794>] __ksm_exit+0x90/0x19c
[<
ffffffc0000be650>] mmput+0x118/0x11c
[<
ffffffc0000c3ec4>] do_exit+0x2dc/0xa74
[<
ffffffc0000c46f8>] do_group_exit+0x4c/0xe4
[<
ffffffc0000d0f34>] get_signal+0x444/0x5e0
[<
ffffffc000089fcc>] do_signal+0x1d8/0x450
[<
ffffffc00008a35c>] do_notify_resume+0x70/0x78
The oom victim cannot terminate because it needs to take mmap_sem for
write while the lock is held by ksmd for read which loops in the page
allocator
ksm_do_scan
scan_get_next_rmap_item
down_read
get_next_rmap_item
alloc_rmap_item #ksmd will loop permanently.
There is no way forward because the oom victim cannot release any memory
in 4.1 based kernel. Since 4.6 we have the oom reaper which would solve
this problem because it would release the memory asynchronously.
Nevertheless we can relax alloc_rmap_item requirements and use
__GFP_NORETRY because the allocation failure is acceptable as ksm_do_scan
would just retry later after the lock got dropped.
Such a patch would be also easy to backport to older stable kernels which
do not have oom_reaper.
While we are at it add GFP_NOWARN so the admin doesn't have to be alarmed
by the allocation failure.
Link: http://lkml.kernel.org/r/1474165570-44398-1-git-send-email-zhongjiang@huawei.com
Signed-off-by: zhong jiang <zhongjiang@huawei.com>
Suggested-by: Hugh Dickins <hughd@google.com>
Suggested-by: Michal Hocko <mhocko@suse.cz>
Acked-by: Michal Hocko <mhocko@suse.com>
Acked-by: Hugh Dickins <hughd@google.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
[jcsing.lee: cherry-pick from linux-3.18.y to fix ltp issue]
Signed-off-by: Jaechul Lee <jcsing.lee@samsung.com>
Change-Id: I491c912e110399da272b268cdb40508ba1b9f916
Fabian Frederick [Tue, 2 Aug 2016 21:03:07 +0000 (14:03 -0700)]
sysv, ipc: fix security-layer leaking
[ Upstream commit
9b24fef9f0410fb5364245d6cc2bd044cc064007 ]
Commit
53dad6d3a8e5 ("ipc: fix race with LSMs") updated ipc_rcu_putref()
to receive rcu freeing function but used generic ipc_rcu_free() instead
of msg_rcu_free() which does security cleaning.
Running LTP msgsnd06 with kmemleak gives the following:
cat /sys/kernel/debug/kmemleak
unreferenced object 0xffff88003c0a11f8 (size 8):
comm "msgsnd06", pid 1645, jiffies
4294672526 (age 6.549s)
hex dump (first 8 bytes):
1b 00 00 00 01 00 00 00 ........
backtrace:
kmemleak_alloc+0x23/0x40
kmem_cache_alloc_trace+0xe1/0x180
selinux_msg_queue_alloc_security+0x3f/0xd0
security_msg_queue_alloc+0x2e/0x40
newque+0x4e/0x150
ipcget+0x159/0x1b0
SyS_msgget+0x39/0x40
entry_SYSCALL_64_fastpath+0x13/0x8f
Manfred Spraul suggested to fix sem.c as well and Davidlohr Bueso to
only use ipc_rcu_free in case of security allocation failure in newary()
Fixes: 53dad6d3a8e ("ipc: fix race with LSMs")
Link: http://lkml.kernel.org/r/1470083552-22966-1-git-send-email-fabf@skynet.be
Signed-off-by: Fabian Frederick <fabf@skynet.be>
Cc: Davidlohr Bueso <dbueso@suse.de>
Cc: Manfred Spraul <manfred@colorfullife.com>
Cc: <stable@vger.kernel.org> [3.12+]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
[jcsing.lee: cherry-pick from linux-3.18.y to fix ltp issue]
Signed-off-by: Jaechul Lee <jcsing.lee@samsung.com>
Change-Id: I4e9ab23d55251dc816db9408e89d9a5baf49cfda
Miklos Szeredi [Fri, 1 Jul 2016 12:56:07 +0000 (14:56 +0200)]
locks: use file_inode()
[ Upstream commit
6343a2120862f7023006c8091ad95c1f16a32077 ]
(Another one for the f_path debacle.)
ltp fcntl33 testcase caused an Oops in selinux_file_send_sigiotask.
The reason is that generic_add_lease() used filp->f_path.dentry->inode
while all the others use file_inode(). This makes a difference for files
opened on overlayfs since the former will point to the overlay inode the
latter to the underlying inode.
So generic_add_lease() added the lease to the overlay inode and
generic_delete_lease() removed it from the underlying inode. When the file
was released the lease remained on the overlay inode's lock list, resulting
in use after free.
Reported-by: Eryu Guan <eguan@redhat.com>
Fixes: 4bacc9c9234c ("overlayfs: Make f_path always point to the overlay and f_inode to the underlay")
Cc: <stable@vger.kernel.org>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Reviewed-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
[jcsing.lee: cherry-pick from linux-3.18.y to fix ltp issue]
Signed-off-by: Jaechul Lee <jcsing.lee@samsung.com>
Change-Id: I6091178a330b85ebb34022f9fbbd5226516399f5
Junling Zheng [Mon, 1 Jun 2015 09:28:00 +0000 (09:28 +0000)]
net: socket: Fix the wrong returns for recvmsg and sendmsg
[ Upstream commit HEAD ]
Based on
08adb7dabd4874cc5666b4490653b26534702ce0 upstream.
We found that after v3.10.73, recvmsg might return -EFAULT while -EINVAL
was expected.
We tested it through the recvmsg01 testcase come from LTP testsuit. It set
msg->msg_namelen to -1 and the recvmsg syscall returned errno 14, which is
unexpected (errno 22 is expected):
recvmsg01 4 TFAIL : invalid socket length ; returned -1 (expected -1),
errno 14 (expected 22)
Linux mainline has no this bug for commit
08adb7dab fixes it accidentally.
However, it is too large and complex to be backported to LTS 3.10.
Commit
281c9c36 (net: compat: Update get_compat_msghdr() to match
copy_msghdr_from_user() behaviour) made get_compat_msghdr() return
error if msg_sys->msg_namelen was negative, which changed the behaviors
of recvmsg and sendmsg syscall in a lib32 system:
Before commit
281c9c36, get_compat_msghdr() wouldn't fail and it would
return -EINVAL in move_addr_to_user() or somewhere if msg_sys->msg_namelen
was invalid and then syscall returned -EINVAL, which is correct.
And now, when msg_sys->msg_namelen is negative, get_compat_msghdr() will
fail and wants to return -EINVAL, however, the outer syscall will return
-EFAULT directly, which is unexpected.
This patch gets the return value of get_compat_msghdr() as well as
copy_msghdr_from_user(), then returns this expected value if
get_compat_msghdr() fails.
Fixes: 281c9c36 (net: compat: Update get_compat_msghdr() to match copy_msghdr_from_user() behaviour)
Signed-off-by: Junling Zheng <zhengjunling@huawei.com>
Signed-off-by: Hanbing Xu <xuhanbing@huawei.com>
Cc: Li Zefan <lizefan@huawei.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: David Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit
5ca74d43d929e6ecaba677a411f0e81371d61f76)
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
[sw0312.kim: cherry-pick from linux-3.18.y to fix ltp issue]
Reported-by: Jaechul Lee <jcsing.lee@samsung.com>
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Change-Id: Idd759ce13ae9a66ca823513724818e7e3f41ce42
Ben Seri [Sat, 9 Sep 2017 21:15:59 +0000 (23:15 +0200)]
Bluetooth: Properly check L2CAP config option output buffer length
commit
e860d2c904d1a9f38a24eb44c9f34b8f915a6ea3 upstream.
Validate the output buffer length for L2CAP config requests and responses
to avoid overflowing the stack buffer used for building the option blocks.
Signed-off-by: Ben Seri <ben@armis.com>
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[sw0312.kim: Cherry-pick from linux-3.18.y tree to fix CVE-2017-
1000251]
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Change-Id: I479e2d5141a9cb0b5bc105dc40298cbd4bddbff0
Denis Khalikov [Fri, 25 Aug 2017 11:02:13 +0000 (14:02 +0300)]
packaging: Disable UBSan build
UBSan build on kernel will cause build error because kernel has its own
sanitizer build options. So, dislable UBSan build from packaging spec.
Change-Id: Ia7cccf6daf0718e6d34b0382a62edc18f02ba999
Signed-off-by: Denis Khalikov <d.khalikov@partner.samsung.com>
Jin-young Jeon [Mon, 14 Aug 2017 08:26:31 +0000 (17:26 +0900)]
video/fbdev: decon: fix wrong pixel format setting.
fix wrong pixel format setting.
This patch comes from product kernel.
Change-Id: If5008ffacb65afef7e819ceea4f4b11bb666464e
Signed-off-by: Jin-young Jeon <jy0.jeon@samsung.com>
Signed-off-by: Inki Dae <inki.dae@samsung.com>
Jin-young Jeon [Tue, 15 Aug 2017 08:07:33 +0000 (17:07 +0900)]
drm/tgm: tdm/pp: add shift setting operation during set size.
add shift setting operation during set size
This patch comes from product kernel.
Change-Id: I98692214aaec340db6efecbcb240288d86e14241
Signed-off-by: Jin-young Jeon <jy0.jeon@samsung.com>
Signed-off-by: Inki Dae <inki.dae@samsung.com>
Jin-young Jeon [Mon, 7 Aug 2017 06:39:51 +0000 (15:39 +0900)]
drm/tgm: tdm/pp: add alignmentation to fix cropping problem.
add alignmentation to fix cropping problem
This patch comes from product kernel.
Change-Id: I2901cbe286471ae47932ea7970e5d1025eef0aa9
Signed-off-by: Jin-young Jeon <jy0.jeon@samsung.com>
Signed-off-by: Inki Dae <inki.dae@samsung.com>
Jaechul Lee [Wed, 23 Aug 2017 00:32:45 +0000 (09:32 +0900)]
packaging: Remove permission settings for devel package
Setting 644 permissions for devel package is removed. The all files in
the devel package are created with 644 permission. As a result, executable
files don't work when building out-of-tree module because they don't have a
execution permission.
Change-Id: I79854937593af982ed829a39446273e89e91a5f5
Signed-off-by: Jaechul Lee <jcsing.lee@samsung.com>
Seung-Woo Kim [Mon, 21 Aug 2017 23:27:32 +0000 (08:27 +0900)]
packaging: fix to create uapi header before kernel build
To create proper kernel devel package, kernel should not be cleaned
after build. So, fix to create uapi header which execute clean
before kernel build.
Change-Id: Ie83a2ea56815561074b3e1ee0e77719cbd8a4711
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Seung-Woo Kim [Tue, 22 Aug 2017 00:21:55 +0000 (09:21 +0900)]
packaging: remove unnecessary files from devel package
The files created by build, including Image and merged-dtb, are not
necessary in devel package. Also, for arm64, compressed image is
not zImage or bzImage but Image.gz. Remove the unnecessary files
from devel package instead of not existing zImage or bzImage.
Change-Id: I5c930133a0d062f68545054c84f7229b62a4b1a3
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Jaechul Lee [Thu, 10 Aug 2017 02:18:56 +0000 (11:18 +0900)]
packaging: Remove symbolic link in a devel package
The symbolic link to kernel-devel-tizen-dev doesn't need anymore because
those who want to build SWAP-DA will use the absolute package name for
building respectively on the several kernels.
The out-of-tree kernel module build uses absolute devel package name to
bulid SWAP-DA. It should be left out to prevent a conflict between
each kernel devel packages.
Change-Id: I6b55002174a424267db4d5cb4a5c09d9a0ad8358
Signed-off-by: Jaechul Lee <jcsing.lee@samsung.com>
Alexander Aksenov [Fri, 4 Aug 2017 05:10:11 +0000 (14:10 +0900)]
ARM64: tizen_tw2_defconfig: enable MODULES
To support kernel modules build, loading, and unloading enable config
option MODULES and force loading and unloading options.
Change-Id: If67e5a8c5ae91c632a3225244a385ac9ff26728b
Signed-off-by: Alexander Aksenov <a.aksenov@samsung.com>
[sw0312.kim: spilt config patch and adjust commit-msg]
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Seung-Woo Kim [Fri, 4 Aug 2017 05:03:50 +0000 (14:03 +0900)]
kconfig: fix not to select TIMA_LKMAUTH from MODULES
TIMA_LKMAUTH prevents loading modules built for development. Fix
not to select TIMA_LKMAUTH by selecting MODULES for possibility
to set the config option.
Change-Id: I65b084ff31e7428296d8995ecb1a9c7a005118c8
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Alexander Aksenov [Fri, 4 Aug 2017 02:55:04 +0000 (11:55 +0900)]
misc: mcu_ipc: fix duplicated export symbol
There is duplicated export symbol with EXPORT_SYMBOL(). Fix one from
the symbols with proper function name.
With this modification, build error with CONFIG_MODULES is removed.
Change-Id: I696e324cc55ac381063ba8e442dc45e55ba78a01
Signed-off-by: Alexander Aksenov <a.aksenov@samsung.com>
[sw0312.kim: spilt mcu_ipc patch and adjust commit-msg]
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Jin-young Jeon [Thu, 6 Jul 2017 05:32:18 +0000 (14:32 +0900)]
drm/tgm: tdm_pp: add pp_set_planar_addr().
It should be supported to divide each planar address.
This patch is from product kernel.
Change-Id: I3bd2cfa5fabd67ee57ffb7a575e6bf35e2ba161e
Signed-off-by: Jin-young Jeon <jy0.jeon@samsung.com>
Signed-off-by: Inki Dae <inki.dae@samsung.com>
Jin-young Jeon [Thu, 6 Jul 2017 04:35:27 +0000 (13:35 +0900)]
drm/tgm: tdm_pp: add size field on tdm_pp_buf_info.
This patch is from product kernel.
Change-Id: I4d2901793835fe708781ad72c0a3fd28d4608d41
Signed-off-by: Jin-young Jeon <jy0.jeon@samsung.com>
Signed-off-by: Inki Dae <inki.dae@samsung.com>
Jin-young Jeon [Thu, 6 Jul 2017 04:33:17 +0000 (13:33 +0900)]
drm/tgm: tbm: add tbm_gem_get_size().
This patch is from product kernel.
Change-Id: Ia5089be4a803861b66eb17d4463efe860e17914d
Signed-off-by: Jin-young Jeon <jy0.jeon@samsung.com>
Signed-off-by: Inki Dae <inki.dae@samsung.com>
Inki Dae [Thu, 6 Jul 2017 01:24:35 +0000 (10:24 +0900)]
ARM64: tizen_tw2_defconfig: disble VIDEO_EXYNOS_SCALER
This patch disbles V4L2 based scaler driver.
We use DRM based IPP driver so this configuraion should be disabled.
Change-Id: If1544d8b4db9225f26db51c2c9a1c3940b36be5e
Signed-off-by: Inki Dae <inki.dae@samsung.com>
Inki Dae [Tue, 4 Jul 2017 01:41:39 +0000 (10:41 +0900)]
ARM64: tizen_tw2_defconfig: enable post processing driver
This patch enables post processing driver for TGM module.
Change-Id: Iff25cbe6383231d81b2b44b3773769300103e087
Signed-off-by: Inki Dae <inki.dae@samsung.com>
Inki Dae [Tue, 4 Jul 2017 01:38:18 +0000 (10:38 +0900)]
drm/tgm: code sync with product kernel
This patch synchronizes tgm driver with latest product kernel.
Almost patches have been merged based on original patch of product kernel
but there are missing code from beginning so regarding this code,
I have merged it manually.
Change-Id: If699b55a5ad67e7a82e8195376d81ffbebf78535
Signed-off-by: Inki Dae <inki.dae@samsung.com>
Jin-young Jeon [Thu, 29 Jun 2017 10:11:18 +0000 (19:11 +0900)]
drm/tgm: tdm: change completion interface.
Add cmd completion instead of start / stop completion.
This patch is from product kernel.
Change-Id: I09d0e61d307d619db1ebb61b8e4242edff4a4259
Signed-off-by: Jin-young Jeon <jy0.jeon@samsung.com>
Signed-off-by: Inki Dae <inki.dae@samsung.com>
Jin-young Jeon [Tue, 20 Jun 2017 06:12:46 +0000 (15:12 +0900)]
drm/tgm: tdm: add ttrace log to check vsync
This patch is from product kernel.
Change-Id: I46d68956d4cbf196379a3f6037189712248694dd
Signed-off-by: Jin-young Jeon <jy0.jeon@samsung.com>
Signed-off-by: Inki Dae <inki.dae@samsung.com>
Jin-young Jeon [Thu, 8 Jun 2017 04:16:07 +0000 (13:16 +0900)]
drm/tgm: tdm/pp: add fence mechanism on TDM PP.
This patch is from product kernel.
Change-Id: Iae386e3a0a1984d9dec157153a280ac5886ba5e0
Signed-off-by: Jin-young Jeon <jy0.jeon@samsung.com>
Signed-off-by: Inki Dae <inki.dae@samsung.com>
Jin-young Jeon [Thu, 8 Jun 2017 02:05:25 +0000 (11:05 +0900)]
drm/tgm: tbm: add get dma_buf interface.
This patch is from product kernel.
Change-Id: Id6c8221c75b2bd715968df8fdd49d4b86f26a599
Signed-off-by: Jin-young Jeon <jy0.jeon@samsung.com>
Signed-off-by: Inki Dae <inki.dae@samsung.com>
jonggab.park [Fri, 28 Apr 2017 08:13:56 +0000 (17:13 +0900)]
drm/tdm: implement msc driver to support PP.
MSC driver is included. This patch is from product kernel.
Change-Id: Ibe08ff732fb4e5cc9718b59254cd52f8716bad5b
Signed-off-by: Jin-young Jeon <jy0.jeon@samsung.com>
Signed-off-by: Inki Dae <inki.dae@samsung.com>
jonggab.park [Fri, 28 Apr 2017 08:02:34 +0000 (17:02 +0900)]
drm/tdm: implement PP interface.
PP interface is included. This patch is from product kernel.
Change-Id: I44d06ab017e2023440010ad64a4265e24954f0c2
Signed-off-by: Jin-young Jeon <jy0.jeon@samsung.com>
Signed-off-by: Inki Dae <inki.dae@samsung.com>
jonggab.park [Fri, 28 Apr 2017 05:24:45 +0000 (14:24 +0900)]
drm/tbm: add get/put dma address interface.
DMA address interface set for pp driver.
This patch is from product kernel.
Change-Id: I41ad97483fdd7f0e3c17fc216d04d47edca2f8b1
Signed-off-by: Jin-young Jeon <jy0.jeon@samsung.com>
Signed-off-by: Inki Dae <inki.dae@samsung.com>
jonggab.park [Fri, 28 Apr 2017 05:09:54 +0000 (14:09 +0900)]
drm/tgm: add sub driver handling interface.
It doesn't have the pp interface for the pp driver.
And this patch is from product kernel.
Change-Id: Iceb891e602fe6e6e246445b7d845927cc39a73c0
Signed-off-by: Jin-young Jeon <jy0.jeon@samsung.com>
Signed-off-by: Inki Dae <inki.dae@samsung.com>
Jin-young Jeon [Mon, 22 May 2017 08:34:05 +0000 (17:34 +0900)]
drm/tgm: add pid information on gem_info
This patch is from product kernel.
Change-Id: Id408cab17ca339bb2d8c8af1193a7905f2a34869
Signed-off-by: Jin-young Jeon <jy0.jeon@samsung.com>
Signed-off-by: Inki Dae <inki.dae@samsung.com>
Jin-young Jeon [Mon, 26 Dec 2016 05:51:05 +0000 (14:51 +0900)]
drm/tgm: tdm: change sequence to turn off vblank.
Prevent duplicated low power mode request.
This patch is from product kernel.
Change-Id: I729af7274ca491a84ec72790c8ca6bf67530ce5b
Signed-off-by: Jin-young Jeon <jy0.jeon@samsung.com>
Signed-off-by: Inki Dae <inki.dae@samsung.com>
Gonzha Dmitriy Evgenevich [Wed, 24 May 2017 10:51:05 +0000 (13:51 +0300)]
packaging: Turn off building with ASan
Turn off ASan for ASan sanitized firmware build
Change-Id: If786306821ff22e994efaba2b00dcabcc5eb8426
Signed-off-by: Gonzha Dmitriy Evgenevich <d.gonzha@samsung.com>
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Seung-Woo Kim [Mon, 27 Mar 2017 06:32:47 +0000 (15:32 +0900)]
packaging: install license for rpm package instead of license package
This patch replaces license rpm package to license file in rpm
package.
Change-Id: I8d06a0b42bce3e5d774151f2d708b081c1b46956
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Linus Torvalds [Thu, 13 Oct 2016 20:07:36 +0000 (13:07 -0700)]
mm: remove gup_flags FOLL_WRITE games from __get_user_pages()
This is an ancient bug that was actually attempted to be fixed once
(badly) by me eleven years ago in commit
4ceb5db9757a ("Fix
get_user_pages() race for write access") but that was then undone due to
problems on s390 by commit
f33ea7f404e5 ("fix get_user_pages bug").
In the meantime, the s390 situation has long been fixed, and we can now
fix it by checking the pte_dirty() bit properly (and do it better). The
s390 dirty bit was implemented in
abf09bed3cce ("s390/mm: implement
software dirty bits") which made it into v3.9. Earlier kernels will
have to look at the page state itself.
Also, the VM has become more scalable, and what used a purely
theoretical race back then has become easier to trigger.
To fix it, we introduce a new internal FOLL_COW flag to mark the "yes,
we already did a COW" rather than play racy games with FOLL_WRITE that
is very fundamental, and then use the pte dirty flag to validate that
the FOLL_COW flag is still valid.
Reported-and-tested-by: Phil "not Paul" Oester <kernel@linuxace.com>
Acked-by: Hugh Dickins <hughd@google.com>
Reviewed-by: Michal Hocko <mhocko@suse.com>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Kees Cook <keescook@chromium.org>
Cc: Oleg Nesterov <oleg@redhat.com>
Cc: Willy Tarreau <w@1wt.eu>
Cc: Nick Piggin <npiggin@gmail.com>
Cc: Greg Thelen <gthelen@google.com>
Cc: stable@vger.kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
[mainline backport of commit
19be0eaffa3ac7d8eb6784ad9bdbc7d67ed8e619 to resolve CVE-2016-5195]
Change-Id: I9d58d4199fe3c5aa712ed7e58d4bf6a624eb0005
Signed-off-by: Jaechul Lee <jcsing.lee@samsung.com>
Philip Pettersson [Wed, 14 Dec 2016 12:24:56 +0000 (13:24 +0100)]
packet: fix race condition in packet_set_ring
[ Upstream commit
84ac7260236a49c79eede91617700174c2c19b0c ]
When packet_set_ring creates a ring buffer it will initialize a
struct timer_list if the packet version is TPACKET_V3. This value
can then be raced by a different thread calling setsockopt to
set the version to TPACKET_V1 before packet_set_ring has finished.
This leads to a use-after-free on a function pointer in the
struct timer_list when the socket is closed as the previously
initialized timer will not be deleted.
The bug is fixed by taking lock_sock(sk) in packet_setsockopt when
changing the packet version while also taking the lock at the start
of packet_set_ring.
Fixes: f6fb8f100b80 ("af-packet: TPACKET_V3 flexible buffer implementation.")
Signed-off-by: Philip Pettersson <philip.pettersson@gmail.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
[mainline backport of commit
5c120b79dd6601a987eb33214f2686e5b75f3c3e to resolve CVE-2016-8655]
Change-Id: I587603ef7796a4b227aa992a873fd6d5ec22774a
Signed-off-by: Jaechul Lee <jcsing.lee@samsung.com>
David Howells [Wed, 26 Oct 2016 14:01:54 +0000 (15:01 +0100)]
KEYS: Fix short sprintf buffer in /proc/keys show function
[ Upstream commit
03dab869b7b239c4e013ec82aea22e181e441cfc ]
This fixes CVE-2016-7042.
Fix a short sprintf buffer in proc_keys_show(). If the gcc stack protector
is turned on, this can cause a panic due to stack corruption.
The problem is that xbuf[] is not big enough to hold a 64-bit timeout
rendered as weeks:
(gdb) p 0xffffffffffffffffULL/(60*60*24*7)
$2 =
30500568904943
That's 14 chars plus NUL, not 11 chars plus NUL.
Expand the buffer to 16 chars.
I think the unpatched code apparently works if the stack-protector is not
enabled because on a 32-bit machine the buffer won't be overflowed and on a
64-bit machine there's a 64-bit aligned pointer at one side and an int that
isn't checked again on the other side.
The panic incurred looks something like:
Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in:
ffffffff81352ebe
CPU: 0 PID: 1692 Comm: reproducer Not tainted 4.7.2-201.fc24.x86_64 #1
Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
0000000000000086 00000000fbbd2679 ffff8800a044bc00 ffffffff813d941f
ffffffff81a28d58 ffff8800a044bc98 ffff8800a044bc88 ffffffff811b2cb6
ffff880000000010 ffff8800a044bc98 ffff8800a044bc30 00000000fbbd2679
Call Trace:
[<
ffffffff813d941f>] dump_stack+0x63/0x84
[<
ffffffff811b2cb6>] panic+0xde/0x22a
[<
ffffffff81352ebe>] ? proc_keys_show+0x3ce/0x3d0
[<
ffffffff8109f7f9>] __stack_chk_fail+0x19/0x30
[<
ffffffff81352ebe>] proc_keys_show+0x3ce/0x3d0
[<
ffffffff81350410>] ? key_validate+0x50/0x50
[<
ffffffff8134db30>] ? key_default_cmp+0x20/0x20
[<
ffffffff8126b31c>] seq_read+0x2cc/0x390
[<
ffffffff812b6b12>] proc_reg_read+0x42/0x70
[<
ffffffff81244fc7>] __vfs_read+0x37/0x150
[<
ffffffff81357020>] ? security_file_permission+0xa0/0xc0
[<
ffffffff81246156>] vfs_read+0x96/0x130
[<
ffffffff81247635>] SyS_read+0x55/0xc0
[<
ffffffff817eb872>] entry_SYSCALL_64_fastpath+0x1a/0xa4
Reported-by: Ondrej Kozina <okozina@redhat.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Tested-by: Ondrej Kozina <okozina@redhat.com>
cc: stable@vger.kernel.org
Signed-off-by: James Morris <james.l.morris@oracle.com>
Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
[mainline backport of commit
abe571f80e33d3df7741d15cd03a8b95a93f659f]
Change-Id: I9785f8f6a9bb18d734b75b9c929be90ca433c5ab
Signed-off-by: Jaechul Lee <jcsing.lee@samsung.com>
Jeff Mahoney [Tue, 5 Jul 2016 21:32:30 +0000 (17:32 -0400)]
ecryptfs: don't allow mmap when the lower fs doesn't support it
[ Upstream commit
f0fe970df3838c202ef6c07a4c2b36838ef0a88b ]
There are legitimate reasons to disallow mmap on certain files, notably
in sysfs or procfs. We shouldn't emulate mmap support on file systems
that don't offer support natively.
CVE-2016-1583
Signed-off-by: Jeff Mahoney <jeffm@suse.com>
Cc: stable@vger.kernel.org
[tyhicks: clean up f_op check by using ecryptfs_file_to_lower()]
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
[mainline backport of commit
8c8e669bb8c5f690976883dd3b7a32d605c58d9a]
Change-Id: I47d4d1c3945782ff77bf58259fcafff4d2f7e7b3
Signed-off-by: Jaechul Lee <jcsing.lee@samsung.com>
Ben Hutchings [Sun, 1 Nov 2015 16:22:53 +0000 (16:22 +0000)]
ppp, slip: Validate VJ compression slot parameters completely
[ Upstream commit
4ab42d78e37a294ac7bc56901d563c642e03c4ae ]
Currently slhc_init() treats out-of-range values of rslots and tslots
as equivalent to 0, except that if tslots is too large it will
dereference a null pointer (CVE-2015-7799).
Add a range-check at the top of the function and make it return an
ERR_PTR() on error instead of NULL. Change the callers accordingly.
Compile-tested only.
Reported-by: 郭永刚 <guoyonggang@360.cn>
References: http://article.gmane.org/gmane.comp.security.oss.general/17908
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
[mainline backport of commit
82185755d90c8047c6f4b589c39998ff3d4ca3ad]
Change-Id: Icb00d92ae3e8e8f5d4d06dd55955e1f98a2980b5
Signed-off-by: Jaechul Lee <jcsing.lee@samsung.com>
Yevgeny Pats [Tue, 19 Jan 2016 22:09:04 +0000 (22:09 +0000)]
KEYS: Fix keyring ref leak in join_session_keyring()
[ Upstream commit
23567fd052a9abb6d67fe8e7a9ccdd9800a540f2 ]
This fixes CVE-2016-0728.
If a thread is asked to join as a session keyring the keyring that's already
set as its session, we leak a keyring reference.
This can be tested with the following program:
#include <stddef.h>
#include <stdio.h>
#include <sys/types.h>
#include <keyutils.h>
int main(int argc, const char *argv[])
{
int i = 0;
key_serial_t serial;
serial = keyctl(KEYCTL_JOIN_SESSION_KEYRING,
"leaked-keyring");
if (serial < 0) {
perror("keyctl");
return -1;
}
if (keyctl(KEYCTL_SETPERM, serial,
KEY_POS_ALL | KEY_USR_ALL) < 0) {
perror("keyctl");
return -1;
}
for (i = 0; i < 100; i++) {
serial = keyctl(KEYCTL_JOIN_SESSION_KEYRING,
"leaked-keyring");
if (serial < 0) {
perror("keyctl");
return -1;
}
}
return 0;
}
If, after the program has run, there something like the following line in
/proc/keys:
3f3d898f I--Q--- 100 perm
3f3f0000 0 0 keyring leaked-keyring: empty
with a usage count of 100 * the number of times the program has been run,
then the kernel is malfunctioning. If leaked-keyring has zero usages or
has been garbage collected, then the problem is fixed.
Reported-by: Yevgeny Pats <yevgeny@perception-point.io>
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Don Zickus <dzickus@redhat.com>
Acked-by: Prarit Bhargava <prarit@redhat.com>
Acked-by: Jarod Wilson <jarod@redhat.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
[mainline backport of commit
d25b4531a808bd0faae3dcd0553421d0570373d1]
Change-Id: I00f47005e93ffb2fe1c68024e9d6820f35ac2602
Signed-off-by: Jaechul Lee <jcsing.lee@samsung.com>
David Howells [Fri, 18 Dec 2015 01:34:26 +0000 (01:34 +0000)]
KEYS: Fix race between read and revoke
[ Upstream commit
b4a1b4f5047e4f54e194681125c74c0aa64d637d ]
This fixes CVE-2015-7550.
There's a race between keyctl_read() and keyctl_revoke(). If the revoke
happens between keyctl_read() checking the validity of a key and the key's
semaphore being taken, then the key type read method will see a revoked key.
This causes a problem for the user-defined key type because it assumes in
its read method that there will always be a payload in a non-revoked key
and doesn't check for a NULL pointer.
Fix this by making keyctl_read() check the validity of a key after taking
semaphore instead of before.
I think the bug was introduced with the original keyrings code.
This was discovered by a multithreaded test program generated by syzkaller
(http://github.com/google/syzkaller). Here's a cleaned up version:
#include <sys/types.h>
#include <keyutils.h>
#include <pthread.h>
void *thr0(void *arg)
{
key_serial_t key = (unsigned long)arg;
keyctl_revoke(key);
return 0;
}
void *thr1(void *arg)
{
key_serial_t key = (unsigned long)arg;
char buffer[16];
keyctl_read(key, buffer, 16);
return 0;
}
int main()
{
key_serial_t key = add_key("user", "%", "foo", 3, KEY_SPEC_USER_KEYRING);
pthread_t th[5];
pthread_create(&th[0], 0, thr0, (void *)(unsigned long)key);
pthread_create(&th[1], 0, thr1, (void *)(unsigned long)key);
pthread_create(&th[2], 0, thr0, (void *)(unsigned long)key);
pthread_create(&th[3], 0, thr1, (void *)(unsigned long)key);
pthread_join(th[0], 0);
pthread_join(th[1], 0);
pthread_join(th[2], 0);
pthread_join(th[3], 0);
return 0;
}
Build as:
cc -o keyctl-race keyctl-race.c -lkeyutils -lpthread
Run as:
while keyctl-race; do :; done
as it may need several iterations to crash the kernel. The crash can be
summarised as:
BUG: unable to handle kernel NULL pointer dereference at
0000000000000010
IP: [<
ffffffff81279b08>] user_read+0x56/0xa3
...
Call Trace:
[<
ffffffff81276aa9>] keyctl_read_key+0xb6/0xd7
[<
ffffffff81277815>] SyS_keyctl+0x83/0xe0
[<
ffffffff815dbb97>] entry_SYSCALL_64_fastpath+0x12/0x6f
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Tested-by: Dmitry Vyukov <dvyukov@google.com>
Cc: stable@vger.kernel.org
Signed-off-by: James Morris <james.l.morris@oracle.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
[mainline backport of commit
e41946e47ec501023afd7e5dfeb794ab7492e7c0]
Change-Id: Ic57adba03af8c5d8c50d7b4817ae9e48adba677f
Signed-off-by: Jaechul Lee <jcsing.lee@samsung.com>
Quentin Casasnovas [Tue, 24 Nov 2015 22:13:21 +0000 (17:13 -0500)]
RDS: fix race condition when sending a message on unbound socket
[ Upstream commit
8c7188b23474cca017b3ef354c4a58456f68303a ]
Sasha's found a NULL pointer dereference in the RDS connection code when
sending a message to an apparently unbound socket. The problem is caused
by the code checking if the socket is bound in rds_sendmsg(), which checks
the rs_bound_addr field without taking a lock on the socket. This opens a
race where rs_bound_addr is temporarily set but where the transport is not
in rds_bind(), leading to a NULL pointer dereference when trying to
dereference 'trans' in __rds_conn_create().
Vegard wrote a reproducer for this issue, so kindly ask him to share if
you're interested.
I cannot reproduce the NULL pointer dereference using Vegard's reproducer
with this patch, whereas I could without.
Complete earlier incomplete fix to CVE-2015-6937:
74e98eb08588 ("RDS: verify the underlying transport exists before creating a connection")
Cc: David S. Miller <davem@davemloft.net>
Cc: stable@vger.kernel.org
Change-Id: I7b41743a51bd3213de624d6165c6366c9f808067
Reviewed-by: Vegard Nossum <vegard.nossum@oracle.com>
Reviewed-by: Sasha Levin <sasha.levin@oracle.com>
Acked-by: Santosh Shilimkar <santosh.shilimkar@oracle.com>
Signed-off-by: Quentin Casasnovas <quentin.casasnovas@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
[mainline backport of commit
96c7b10cd8000973035b667adf62ea1164f4b9b4]
Change-Id: I7b41743a51bd3213de624d6165c6366c9f808067
Signed-off-by: Jaechul Lee <jcsing.lee@samsung.com>
Hannes Frederic Sowa [Mon, 14 Dec 2015 21:03:39 +0000 (22:03 +0100)]
net: add validation for the socket syscall protocol argument
[ Upstream commit
79462ad02e861803b3840cc782248c7359451cd9 ]
郭永刚 reported that one could simply crash the kernel as root by
using a simple program:
int socket_fd;
struct sockaddr_in addr;
addr.sin_port = 0;
addr.sin_addr.s_addr = INADDR_ANY;
addr.sin_family = 10;
socket_fd = socket(10,3,0x40000000);
connect(socket_fd , &addr,16);
AF_INET, AF_INET6 sockets actually only support 8-bit protocol
identifiers. inet_sock's skc_protocol field thus is sized accordingly,
thus larger protocol identifiers simply cut off the higher bits and
store a zero in the protocol fields.
This could lead to e.g. NULL function pointer because as a result of
the cut off inet_num is zero and we call down to inet_autobind, which
is NULL for raw sockets.
kernel: Call Trace:
kernel: [<
ffffffff816db90e>] ? inet_autobind+0x2e/0x70
kernel: [<
ffffffff816db9a4>] inet_dgram_connect+0x54/0x80
kernel: [<
ffffffff81645069>] SYSC_connect+0xd9/0x110
kernel: [<
ffffffff810ac51b>] ? ptrace_notify+0x5b/0x80
kernel: [<
ffffffff810236d8>] ? syscall_trace_enter_phase2+0x108/0x200
kernel: [<
ffffffff81645e0e>] SyS_connect+0xe/0x10
kernel: [<
ffffffff81779515>] tracesys_phase2+0x84/0x89
I found no particular commit which introduced this problem.
CVE: CVE-2015-8543
Cc: Cong Wang <cwang@twopensource.com>
Reported-by: 郭永刚 <guoyonggang@360.cn>
Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
[mainline backport of commit
e60ccfd9e596b48d4b9d6e2b5440261c83d10c12]
Change-Id: Ia74ccac11d64e4e107b2696661abf87787fd62eb
Signed-off-by: Jaechul Lee <jcsing.lee@samsung.com>
Colin Ian King [Mon, 27 Jul 2015 14:23:43 +0000 (15:23 +0100)]
KEYS: ensure we free the assoc array edit if edit is valid
[ Upstream commit HEAD ]
commit
ca4da5dd1f99fe9c59f1709fb43e818b18ad20e0 upstream.
__key_link_end is not freeing the associated array edit structure
and this leads to a 512 byte memory leak each time an identical
existing key is added with add_key().
The reason the add_key() system call returns okay is that
key_create_or_update() calls __key_link_begin() before checking to see
whether it can update a key directly rather than adding/replacing - which
it turns out it can. Thus __key_link() is not called through
__key_instantiate_and_link() and __key_link_end() must cancel the edit.
CVE-2015-1333
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit
c9cd9b18dac801040ada16562dc579d5ac366d75)
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
[mainline backport of commit
66db51c9f7b2fe7ebdfa753b2aa9abbb9feddc87]
Change-Id: I00cf148142abfc956609aeb35b030b4d1bba16e6
Signed-off-by: Jaechul Lee <jcsing.lee@samsung.com>
Marek Szyprowski [Tue, 21 Feb 2017 13:21:01 +0000 (14:21 +0100)]
dma-buf: add support for compat ioctl
Add compat ioctl support to dma-buf. This lets one to use DMA_BUF_IOCTL_SYNC
ioctl from 32bit application on 64bit kernel. Data structures for both 32
and 64bit modes are same, so there is no need for additional translation
layer.
Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
Reviewed-by: Christian König <christian.koenig@amd.com>
Acked-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Signed-off-by: Sumit Semwal <sumit.semwal@linaro.org>
Link: http://patchwork.freedesktop.org/patch/msgid/1487683261-2655-1-git-send-email-m.szyprowski@samsung.com
[Adjust commit-msg with commit in next tree]
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Change-Id: I902d06598ffa5a8985274185f6dc5b15ae119fcb
Daniel Vetter [Tue, 21 Feb 2017 07:37:38 +0000 (16:37 +0900)]
dma-buf: Add ioctls to allow userspace to flush
The userspace might need some sort of cache coherency management e.g. when CPU
and GPU domains are being accessed through dma-buf at the same time. To
circumvent this problem there are begin/end coherency markers, that forward
directly to existing dma-buf device drivers vfunc hooks. Userspace can make use
of those markers through the DMA_BUF_IOCTL_SYNC ioctl. The sequence would be
used like following:
- mmap dma-buf fd
- for each drawing/upload cycle in CPU 1. SYNC_START ioctl, 2. read/write
to mmap area 3. SYNC_END ioctl. This can be repeated as often as you
want (with the new data being consumed by the GPU or say scanout device)
- munmap once you don't need the buffer any more
v2 (Tiago): Fix header file type names (u64 -> __u64)
v3 (Tiago): Add documentation. Use enum dma_buf_sync_flags to the begin/end
dma-buf functions. Check for overflows in start/length.
v4 (Tiago): use 2d regions for sync.
v5 (Tiago): forget about 2d regions (v4); use _IOW in DMA_BUF_IOCTL_SYNC and
remove range information from struct dma_buf_sync.
v6 (Tiago): use __u64 structured padded flags instead enum. Adjust
documentation about the recommendation on using sync ioctls.
v7 (Tiago): Alex' nit on flags definition and being even more wording in the
doc about sync usage.
v9 (Tiago): remove useless is_dma_buf_file check. Fix sync.flags conditionals
and its mask order check. Add <linux/types.h> include in dma-buf.h.
Change-Id: Id20b5354ba481e2d896b08500e1323eedcb16e5b
Cc: Ville Syrjälä <ville.syrjala@linux.intel.com>
Cc: David Herrmann <dh.herrmann@gmail.com>
Cc: Sumit Semwal <sumit.semwal@linaro.org>
Reviewed-by: Stéphane Marchesin <marcheu@chromium.org>
Signed-off-by: Daniel Vetter <daniel.vetter@intel.com>
Signed-off-by: Tiago Vignatti <tiago.vignatti@intel.com>
Reviewed-by: David Herrmann <dh.herrmann@gmail.com>
Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
Link: http://patchwork.freedesktop.org/patch/msgid/1455228291-29640-1-git-send-email-tiago.vignatti@intel.com
And below things are included,
- backport of mainline commit
831e9da7dc5c22fd2a5fb64e999f6e077a4338c3
- fix build errors incurred by argument mismatches of dma_buf_begin/end_cpu_access function calls in v4l2/mali/ion drivers.
Signed-off-by: Inki Dae <inki.dae@samsung.com>
Jaechul Lee [Mon, 6 Mar 2017 09:33:36 +0000 (18:33 +0900)]
packaging: exported kernel-header based on armv7l
There were difference in kernel-headers between arch64 and armv7l
architecture. It need to be built and exported respectively. So, I
enabled building and made kernel-headers for armv7l.
Change-Id: Ia890e98a591f3474711313ab41800712717190f8
Signed-off-by: Jaechul Lee <jcsing.lee@samsung.com>
Dongwoo Lee [Thu, 23 Feb 2017 07:01:05 +0000 (16:01 +0900)]
power: battery: sec-battery: Add support for disabling battery charge
The new attribute "disable_charge" will be added. If this attribute is
set to 1, battery charging completely stops within "discharging"
state, and it cannot resume until restoring the attribute as 0 or
rebooting the target.
Change-Id: I0638bf73ba89d72c34d1c338a411e6d4978060db
Signed-off-by: Dongwoo Lee <dwoo08.lee@samsung.com>
Jaechul Lee [Fri, 17 Feb 2017 05:11:59 +0000 (14:11 +0900)]
packaging: exported kernel-header properly
Orginally, kernel-header which is based on 3.18.14 was exported.
We applied some patches on the kernel therefore it need to export
patched kernel-header again. Moreover, organized spec script properly
and removed unnecessary code.
Change-Id: I8935d9cc374a2551e57a4ba4f551c047abad2814
Signed-off-by: Jaechul Lee <jcsing.lee@samsung.com>
Jaechul Lee [Thu, 16 Feb 2017 05:47:49 +0000 (14:47 +0900)]
packaging: added execution authority to script files
GBS build would be failed sometimes because script file don't have
execution authority even though I already added execution permission
like this '755'. So, I added execute permisson forcibly while RPM is
executed.
Change-Id: Ie014c03575659c5f1bca18af8572c712251c38fd
Signed-off-by: Jaechul Lee <jcsing.lee@samsung.com>
Jaechul Lee [Thu, 16 Feb 2017 02:13:37 +0000 (11:13 +0900)]
packaging: removed '%post' script and unnecessary code
There are two rpms as a result such as aarch64 and armv7l. In case of
aarh64, It works well but %post script in armv7l arch won't run because
of baselibs. Therefore, I located dzImage in /boot/kernel/dzImage
directly.
Change-Id: Ibeb43d6db22f597b9ffad07d16b925516ea1950d
Signed-off-by: Jaechul Lee <jcsing.lee@samsung.com>
Jaechul Lee [Thu, 16 Feb 2017 05:42:28 +0000 (14:42 +0900)]
packaging: removed code associated with module build
It is not need to build kernel modules, we don't use it.
Change-Id: I534648cf110ae606187a75bca6e49bd9d954eb33
Signed-off-by: Jaechul Lee <jcsing.lee@samsung.com>
Jaechul Lee [Wed, 15 Feb 2017 10:03:56 +0000 (19:03 +0900)]
packaging: baselibs didn't work.
if i use the name of rpm packages included '.' or '_' like
'linux-3.18-tizen_tw2', it will be failed to make armv7l rpm packages.
Signed-off-by: Jaechul Lee <jcsing.lee@samsung.com>
Jaechul Lee [Wed, 15 Feb 2017 08:24:48 +0000 (17:24 +0900)]
packaging: fixed baselibs contents.
added "+/" for making arm7l binary and changed rpm name.
Signed-off-by: Jaechul Lee <jcsing.lee@samsung.com>
Jaechul Lee [Wed, 15 Feb 2017 07:53:02 +0000 (16:53 +0900)]
packaging: added 'ExclusiveArch:aarch64'
TW2 should be built to use aarch64.
Signed-off-by: Jaechul Lee <jcsing.lee@samsung.com>
Jaechul Lee [Fri, 10 Feb 2017 05:25:48 +0000 (14:25 +0900)]
packaging: added baselibs.conf for building arm7l arch.
It also need to build kernel based on arm7l.
Signed-off-by: Jaechul Lee <jcsing.lee@samsung.com>
Jaechul Lee [Thu, 9 Feb 2017 00:18:19 +0000 (09:18 +0900)]
packaging: fixed the permission error when execute "scripts/exynos_*.sh"
script files for dtb were created with 644 permission in the scratchbox even
though i already changed perm to 755. Therefore, build will be failed when
execute "exynos_dtbtool.sh" because it doesn't have 'x' permission.
I tried to touch these files again and it worked well. I suspect that first
patch couldn't apply the file attribute. That's why i made this meaningless
commit.
Signed-off-by: Jaechul Lee <jcsing.lee@samsung.com>
Jaechul Lee [Wed, 8 Feb 2017 01:06:03 +0000 (10:06 +0900)]
packaging: removed useless BuildRequires.
Removed useless "BuildRequires" in the spec file such as gcc, lzop, python and
etc. It is possible to build kernel without these packages.
The reason why, kernel doesn't need to have dependencies these packages
associated with Tizen platform.
Signed-off-by: Jaechul Lee <jcsing.lee@samsung.com>
Jaechul Lee [Tue, 7 Feb 2017 09:53:06 +0000 (18:53 +0900)]
arm64: defconfig: disable SWAP_DA config.
removed useless config.
Signed-off-by: Jaechul Lee <jcsing.lee@samsung.com>
Jaechul Lee [Tue, 7 Feb 2017 03:53:43 +0000 (12:53 +0900)]
input: removed annoying input event logs.
Removed unnecessary logs when occuring hardkeys, touchscreen, rotary event.
Signed-off-by: Jaechul Lee <jcsing.lee@samsung.com>
Jaechul Lee [Tue, 7 Feb 2017 04:40:28 +0000 (13:40 +0900)]
arm64: defconfig: changed defconfig name to tw2 from solis
Removed unnecessary defconfigs and changed defconfig name to tw2.
Signed-off-by: Jaechul Lee <jcsing.lee@samsung.com>
Jin-young Jeon [Mon, 19 Dec 2016 05:53:50 +0000 (14:53 +0900)]
drm/tgm: tbm: implement prime import ops on gem_ion.
This patch implementes prime import for gem_ion.
Signed-off-by: Jin-young Jeon <jy0.jeon@samsung.com>
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Jin-young Jeon [Mon, 19 Dec 2016 04:57:47 +0000 (13:57 +0900)]
ion: add apis to get client property.
This patch adds APIs to get ion client property.
Signed-off-by: Jin-young Jeon <jy0.jeon@samsung.com>
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Seung-Woo Kim [Mon, 6 Feb 2017 11:31:46 +0000 (20:31 +0900)]
power-supply: sync supply properties and type
This patch fixes to sync supply properties and their type to avoid
int type in string type position.
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Seung-Woo Kim [Mon, 6 Feb 2017 11:29:56 +0000 (20:29 +0900)]
battery: p9220: adjust log and log level for get_property
The get_property function prints not matched value with info level,
so this patch adjusts value name and change to debug level.
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Jaechul Lee [Thu, 2 Feb 2017 10:38:08 +0000 (19:38 +0900)]
video: exynos: Add DECON_STATE_INIT in the suspend function
DECON_STATE_INIT is not defined in the suspend function. So, it return while
booting tizen. Besides, added logs to check the device state.
Errors
dpm_run_callback(): pm_genpd_suspend+0x0/0x78 returns -16
PM: Device
14830000.decon_fb failed to suspend: error -16
Signed-off-by: Jaechul Lee <jcsing.lee@samsung.com>
Jaechul Lee [Wed, 1 Feb 2017 02:22:48 +0000 (11:22 +0900)]
power: Removed unnecessary logs during booting and idle state.
Changed levels of unnecessary log to debug from error and info.
Moreover, changed error code to ENODATA from EINVAL to avoid printing out
too much logs during idle state.
Signed-off-by: Jaechul Lee <jcsing.lee@samsung.com>
Jaechul Lee [Mon, 30 Jan 2017 23:58:22 +0000 (08:58 +0900)]
packaging: Added '.gbs.conf' for partial build
Added gbs configuration file for enhanced building.
it makes gbs build faster than before.
Signed-off-by: Jaechul Lee <jcsing.lee@samsung.com>
Jaechul Lee [Thu, 26 Jan 2017 01:13:24 +0000 (10:13 +0900)]
packaging: Made build scripts for GBS.
Build scripts were fixed to be worked on GBS environment based on gcc6.
Signed-off-by: Jaechul Lee <jcsing.lee@samsung.com>
Seung-Woo Kim [Wed, 25 Jan 2017 10:31:12 +0000 (19:31 +0900)]
arm64: tizen_solis_defconfig: adjust smack options
This patch adjusts smack options to enable smack netfilter and
smack append signals.
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Roman Kubiak [Fri, 12 Jun 2015 10:32:57 +0000 (12:32 +0200)]
netfilter: nfnetlink_queue: add security context information
This patch adds an additional attribute when sending
packet information via netlink in netfilter_queue module.
It will send additional security context data, so that
userspace applications can verify this context against
their own security databases.
Signed-off-by: Roman Kubiak <r.kubiak@samsung.com>
Acked-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Casey Schaufler [Wed, 11 Feb 2015 20:52:32 +0000 (12:52 -0800)]
Smack: secmark connections
If the secmark is available us it on connection as
well as packet delivery.
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Casey Schaufler [Fri, 23 Jan 2015 17:31:01 +0000 (09:31 -0800)]
Smack: Repair netfilter dependency
On 1/23/2015 8:20 AM, Jim Davis wrote:
> Building with the attached random configuration file,
>
> security/smack/smack_netfilter.c: In function ‘smack_ipv4_output’:
> security/smack/smack_netfilter.c:55:6: error: ‘struct sk_buff’ has no
> member named ‘secmark’
> skb->secmark = skp->smk_secid;
> ^
> make[2]: *** [security/smack/smack_netfilter.o] Error 1
The existing Makefile used the wrong configuration option to
determine if smack_netfilter should be built. This sets it right.
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Casey Schaufler [Sat, 13 Dec 2014 01:08:40 +0000 (17:08 -0800)]
Smack: secmark support for netfilter
Smack uses CIPSO to label internet packets and thus provide
for access control on delivery of packets. The netfilter facility
was not used to allow for Smack to work properly without netfilter
configuration. Smack does not need netfilter, however there are
cases where it would be handy.
As a side effect, the labeling of local IPv4 packets can be optimized
and the handling of local IPv6 packets is just all out better.
The best part is that the netfilter tools use "contexts" that
are just strings, and they work just as well for Smack as they
do for SELinux.
All of the conditional compilation for IPv6 was implemented
by Rafal Krypa <r.krypa@samsung.com>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Seung-Woo Kim [Mon, 12 Dec 2016 08:35:26 +0000 (17:35 +0900)]
Smack: ignore private inode for file functions
The access to fd from anon_inode is always failed because there is
no set xattr operations. So this patch fixes to ignore private
inode including anon_inode for file functions.
It was only ignored for smack_file_receive() to share dma-buf fd,
but dma-buf has other functions like ioctl and mmap.
Reference: https://lkml.org/lkml/2015/4/17/16
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Rafal Krypa [Fri, 9 Dec 2016 13:03:04 +0000 (14:03 +0100)]
Smack: fix d_instantiate logic for sockfs and pipefs
Since
4b936885a (v2.6.32) all inodes on sockfs and pipefs are disconnected.
It caused filesystem specific code in smack_d_instantiate to be skipped,
because all inodes on those pseudo filesystems were treated as root inodes.
As a result all sockfs inodes had the Smack label set to floor.
In most cases access checks for sockets use socket_smack data so the inode
label is not important. But there are special cases that were broken.
One example would be calling fcntl with F_SETOWN command on a socket fd.
Now smack_d_instantiate expects all pipefs and sockfs inodes to be
disconnected and has the logic in appropriate place.
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
jooseong lee [Thu, 3 Nov 2016 10:54:39 +0000 (11:54 +0100)]
Smack: Assign smack_known_web label for kernel thread's
Assign smack_known_web label for kernel thread's socket
Creating struct sock by sk_alloc function in various kernel subsystems
like bluetooth doesn't call smack_socket_post_create(). In such case,
received sock label is the floor('_') label and makes access deny.
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
Acked-by: Casey Schaufler <casey@schaufler-ca.com>
Casey Schaufler [Tue, 30 Aug 2016 17:31:39 +0000 (10:31 -0700)]
Smack: Signal delivery as an append operation
Under a strict subject/object security policy delivering a
signal or delivering network IPC could be considered either
a write or an append operation. The original choice to make
both write operations leads to an issue where IPC delivery
is desired under policy, but delivery of signals is not.
This patch provides the option of making signal delivery
an append operation, allowing Smack rules that deny signal
delivery while allowing IPC. This was requested for Tizen.
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Seung-Woo Kim [Sat, 21 Jan 2017 03:32:05 +0000 (12:32 +0900)]
modem_if: remove not necessary comparison
The numerical comparison on boolean value causes build warning
with gcc 6, so this patch removes not necessary comparison.
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Seung-Woo Kim [Sat, 21 Jan 2017 03:28:57 +0000 (12:28 +0900)]
fix non proper indents for if clause
non proper indent for if clause causes build error with gcc 6. So
this patch fixes them.
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Seung-Woo Kim [Sat, 21 Jan 2017 03:26:22 +0000 (12:26 +0900)]
SWAP-DA: remove invalid semicolons on energy module
There are invalid semicolons after if clause on energy module and
it causes following build error with gcc 6, so this patch removes
the invalid semicolons.
kernel/swap/energy/energy.c: In function 'calc_wifi_recv_energy':
kernel/swap/energy/energy.c:640:2: error: this 'if' clause does not guard... [-Werror=misleading-indentation]
if (len <= 0 || check_wlan0(sock));
^~
kernel/swap/energy/energy.c:641:3: note: ...this statement, but the latter is misleadingly indented as if it is guarded by the 'if'
return;
^~~~~~
kernel/swap/energy/energy.c: In function 'calc_wifi_send_energy':
kernel/swap/energy/energy.c:653:2: error: this 'if' clause does not guard... [-Werror=misleading-indentation]
if (len <= 0 || check_wlan0(sock));
^~
kernel/swap/energy/energy.c:654:3: note: ...this statement, but the latter is misleadingly indented as if it is guarded by the 'if'
return;
^~~~~~
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Seung-Woo Kim [Tue, 17 Jan 2017 04:22:22 +0000 (13:22 +0900)]
net: bcm4358: fix not to check same value in macro
When BCMBUSTYPE is not defined, then BUSTYPE(bustype) is just
bustype. So comparing bustype and BUSTYPE(bustype) is not necessary.
This patch removes following build warning with gcc 6.
drivers/net/wireless/bcmdhd4358/siutils.c: In function 'si_doattach':
drivers/net/wireless/bcmdhd4358/siutils.c:512:14: warning: self-comparison always evaluates to false [-Wtautological-compare]
if (bustype != BUSTYPE(bustype)) {
^~
Change-Id: I1cac3dd31bcb86983469830013a1093ed9ceaa89
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Seung-Woo Kim [Sat, 21 Jan 2017 03:09:30 +0000 (12:09 +0900)]
trace: remove invalid semicolon after if clause
The commit
6f6f99a38132 ("trace: add non-hierarchical function_graph option"),
in https://android.googlesource.com/kernel/common.git/+/android-3.18,
added invalid semicolon after if clause, so it causes following
build error on gcc 6, so this patch removes the invalid seimicolon.
kernel/trace/trace_output.c: In function 'trace_graph_ret_raw':
kernel/trace/trace_output.c:976:2: error: this 'if' clause does not guard... [-Werror=misleading-indentation]
if (!trace_seq_printf(&iter->seq, "%lx %lld %lld %ld %d\n",
^~
kernel/trace/trace_output.c:982:3: note: ...this statement, but the latter is misleadingly indented as if it is guarded by the 'if'
return TRACE_TYPE_PARTIAL_LINE;
^~~~~~
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
projects / profile / wearable / platform / kernel / linux-3.18-exynos7270.git / log