profile/wearable/platform/kernel/linux-3.18-exynos7270.git
7 years agoKEYS: Fix race between read and revoke 99/118099/2
David Howells [Fri, 18 Dec 2015 01:34:26 +0000 (01:34 +0000)]
KEYS: Fix race between read and revoke

[ Upstream commit b4a1b4f5047e4f54e194681125c74c0aa64d637d ]

This fixes CVE-2015-7550.

There's a race between keyctl_read() and keyctl_revoke().  If the revoke
happens between keyctl_read() checking the validity of a key and the key's
semaphore being taken, then the key type read method will see a revoked key.

This causes a problem for the user-defined key type because it assumes in
its read method that there will always be a payload in a non-revoked key
and doesn't check for a NULL pointer.

Fix this by making keyctl_read() check the validity of a key after taking
semaphore instead of before.

I think the bug was introduced with the original keyrings code.

This was discovered by a multithreaded test program generated by syzkaller
(http://github.com/google/syzkaller).  Here's a cleaned up version:

#include <sys/types.h>
#include <keyutils.h>
#include <pthread.h>
void *thr0(void *arg)
{
key_serial_t key = (unsigned long)arg;
keyctl_revoke(key);
return 0;
}
void *thr1(void *arg)
{
key_serial_t key = (unsigned long)arg;
char buffer[16];
keyctl_read(key, buffer, 16);
return 0;
}
int main()
{
key_serial_t key = add_key("user", "%", "foo", 3, KEY_SPEC_USER_KEYRING);
pthread_t th[5];
pthread_create(&th[0], 0, thr0, (void *)(unsigned long)key);
pthread_create(&th[1], 0, thr1, (void *)(unsigned long)key);
pthread_create(&th[2], 0, thr0, (void *)(unsigned long)key);
pthread_create(&th[3], 0, thr1, (void *)(unsigned long)key);
pthread_join(th[0], 0);
pthread_join(th[1], 0);
pthread_join(th[2], 0);
pthread_join(th[3], 0);
return 0;
}

Build as:

cc -o keyctl-race keyctl-race.c -lkeyutils -lpthread

Run as:

while keyctl-race; do :; done

as it may need several iterations to crash the kernel.  The crash can be
summarised as:

BUG: unable to handle kernel NULL pointer dereference at 0000000000000010
IP: [<ffffffff81279b08>] user_read+0x56/0xa3
...
Call Trace:
 [<ffffffff81276aa9>] keyctl_read_key+0xb6/0xd7
 [<ffffffff81277815>] SyS_keyctl+0x83/0xe0
 [<ffffffff815dbb97>] entry_SYSCALL_64_fastpath+0x12/0x6f

Reported-by: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Tested-by: Dmitry Vyukov <dvyukov@google.com>
Cc: stable@vger.kernel.org
Signed-off-by: James Morris <james.l.morris@oracle.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
[mainline backport of commit e41946e47ec501023afd7e5dfeb794ab7492e7c0]
Change-Id: Ic57adba03af8c5d8c50d7b4817ae9e48adba677f
Signed-off-by: Jaechul Lee <jcsing.lee@samsung.com>
7 years agoRDS: fix race condition when sending a message on unbound socket 98/118098/2
Quentin Casasnovas [Tue, 24 Nov 2015 22:13:21 +0000 (17:13 -0500)]
RDS: fix race condition when sending a message on unbound socket

[ Upstream commit 8c7188b23474cca017b3ef354c4a58456f68303a ]

Sasha's found a NULL pointer dereference in the RDS connection code when
sending a message to an apparently unbound socket.  The problem is caused
by the code checking if the socket is bound in rds_sendmsg(), which checks
the rs_bound_addr field without taking a lock on the socket.  This opens a
race where rs_bound_addr is temporarily set but where the transport is not
in rds_bind(), leading to a NULL pointer dereference when trying to
dereference 'trans' in __rds_conn_create().

Vegard wrote a reproducer for this issue, so kindly ask him to share if
you're interested.

I cannot reproduce the NULL pointer dereference using Vegard's reproducer
with this patch, whereas I could without.

Complete earlier incomplete fix to CVE-2015-6937:

  74e98eb08588 ("RDS: verify the underlying transport exists before creating a connection")

Cc: David S. Miller <davem@davemloft.net>
Cc: stable@vger.kernel.org
Change-Id: I7b41743a51bd3213de624d6165c6366c9f808067
Reviewed-by: Vegard Nossum <vegard.nossum@oracle.com>
Reviewed-by: Sasha Levin <sasha.levin@oracle.com>
Acked-by: Santosh Shilimkar <santosh.shilimkar@oracle.com>
Signed-off-by: Quentin Casasnovas <quentin.casasnovas@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
[mainline backport of commit 96c7b10cd8000973035b667adf62ea1164f4b9b4]
Change-Id: I7b41743a51bd3213de624d6165c6366c9f808067
Signed-off-by: Jaechul Lee <jcsing.lee@samsung.com>
7 years agonet: add validation for the socket syscall protocol argument 97/118097/2
Hannes Frederic Sowa [Mon, 14 Dec 2015 21:03:39 +0000 (22:03 +0100)]
net: add validation for the socket syscall protocol argument

[ Upstream commit 79462ad02e861803b3840cc782248c7359451cd9 ]

郭永刚 reported that one could simply crash the kernel as root by
using a simple program:

int socket_fd;
struct sockaddr_in addr;
addr.sin_port = 0;
addr.sin_addr.s_addr = INADDR_ANY;
addr.sin_family = 10;

socket_fd = socket(10,3,0x40000000);
connect(socket_fd , &addr,16);

AF_INET, AF_INET6 sockets actually only support 8-bit protocol
identifiers. inet_sock's skc_protocol field thus is sized accordingly,
thus larger protocol identifiers simply cut off the higher bits and
store a zero in the protocol fields.

This could lead to e.g. NULL function pointer because as a result of
the cut off inet_num is zero and we call down to inet_autobind, which
is NULL for raw sockets.

kernel: Call Trace:
kernel:  [<ffffffff816db90e>] ? inet_autobind+0x2e/0x70
kernel:  [<ffffffff816db9a4>] inet_dgram_connect+0x54/0x80
kernel:  [<ffffffff81645069>] SYSC_connect+0xd9/0x110
kernel:  [<ffffffff810ac51b>] ? ptrace_notify+0x5b/0x80
kernel:  [<ffffffff810236d8>] ? syscall_trace_enter_phase2+0x108/0x200
kernel:  [<ffffffff81645e0e>] SyS_connect+0xe/0x10
kernel:  [<ffffffff81779515>] tracesys_phase2+0x84/0x89

I found no particular commit which introduced this problem.

CVE: CVE-2015-8543
Cc: Cong Wang <cwang@twopensource.com>
Reported-by: 郭永刚 <guoyonggang@360.cn>
Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
[mainline backport of commit e60ccfd9e596b48d4b9d6e2b5440261c83d10c12]
Change-Id: Ia74ccac11d64e4e107b2696661abf87787fd62eb
Signed-off-by: Jaechul Lee <jcsing.lee@samsung.com>
7 years agoKEYS: ensure we free the assoc array edit if edit is valid 96/118096/2
Colin Ian King [Mon, 27 Jul 2015 14:23:43 +0000 (15:23 +0100)]
KEYS: ensure we free the assoc array edit if edit is valid

[ Upstream commit HEAD ]

commit ca4da5dd1f99fe9c59f1709fb43e818b18ad20e0 upstream.

__key_link_end is not freeing the associated array edit structure
and this leads to a 512 byte memory leak each time an identical
existing key is added with add_key().

The reason the add_key() system call returns okay is that
key_create_or_update() calls __key_link_begin() before checking to see
whether it can update a key directly rather than adding/replacing - which
it turns out it can.  Thus __key_link() is not called through
__key_instantiate_and_link() and __key_link_end() must cancel the edit.

CVE-2015-1333

Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit c9cd9b18dac801040ada16562dc579d5ac366d75)
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
[mainline backport of commit 66db51c9f7b2fe7ebdfa753b2aa9abbb9feddc87]
Change-Id: I00cf148142abfc956609aeb35b030b4d1bba16e6
Signed-off-by: Jaechul Lee <jcsing.lee@samsung.com>
7 years agodma-buf: add support for compat ioctl 43/118043/1
Marek Szyprowski [Tue, 21 Feb 2017 13:21:01 +0000 (14:21 +0100)]
dma-buf: add support for compat ioctl

Add compat ioctl support to dma-buf. This lets one to use DMA_BUF_IOCTL_SYNC
ioctl from 32bit application on 64bit kernel. Data structures for both 32
and 64bit modes are same, so there is no need for additional translation
layer.

Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
Reviewed-by: Christian König <christian.koenig@amd.com>
Acked-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Signed-off-by: Sumit Semwal <sumit.semwal@linaro.org>
Link: http://patchwork.freedesktop.org/patch/msgid/1487683261-2655-1-git-send-email-m.szyprowski@samsung.com
[Adjust commit-msg with commit in next tree]
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Change-Id: I902d06598ffa5a8985274185f6dc5b15ae119fcb

7 years agodma-buf: Add ioctls to allow userspace to flush 61/115761/5
Daniel Vetter [Tue, 21 Feb 2017 07:37:38 +0000 (16:37 +0900)]
dma-buf: Add ioctls to allow userspace to flush

The userspace might need some sort of cache coherency management e.g. when CPU
and GPU domains are being accessed through dma-buf at the same time. To
circumvent this problem there are begin/end coherency markers, that forward
directly to existing dma-buf device drivers vfunc hooks. Userspace can make use
of those markers through the DMA_BUF_IOCTL_SYNC ioctl. The sequence would be
used like following:
     - mmap dma-buf fd
     - for each drawing/upload cycle in CPU 1. SYNC_START ioctl, 2. read/write
       to mmap area 3. SYNC_END ioctl. This can be repeated as often as you
       want (with the new data being consumed by the GPU or say scanout device)
     - munmap once you don't need the buffer any more

v2 (Tiago): Fix header file type names (u64 -> __u64)
v3 (Tiago): Add documentation. Use enum dma_buf_sync_flags to the begin/end
dma-buf functions. Check for overflows in start/length.
v4 (Tiago): use 2d regions for sync.
v5 (Tiago): forget about 2d regions (v4); use _IOW in DMA_BUF_IOCTL_SYNC and
remove range information from struct dma_buf_sync.
v6 (Tiago): use __u64 structured padded flags instead enum. Adjust
documentation about the recommendation on using sync ioctls.
v7 (Tiago): Alex' nit on flags definition and being even more wording in the
doc about sync usage.
v9 (Tiago): remove useless is_dma_buf_file check. Fix sync.flags conditionals
and its mask order check. Add <linux/types.h> include in dma-buf.h.

Change-Id: Id20b5354ba481e2d896b08500e1323eedcb16e5b
Cc: Ville Syrjälä <ville.syrjala@linux.intel.com>
Cc: David Herrmann <dh.herrmann@gmail.com>
Cc: Sumit Semwal <sumit.semwal@linaro.org>
Reviewed-by: Stéphane Marchesin <marcheu@chromium.org>
Signed-off-by: Daniel Vetter <daniel.vetter@intel.com>
Signed-off-by: Tiago Vignatti <tiago.vignatti@intel.com>
Reviewed-by: David Herrmann <dh.herrmann@gmail.com>
Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
Link: http://patchwork.freedesktop.org/patch/msgid/1455228291-29640-1-git-send-email-tiago.vignatti@intel.com
And below things are included,
- backport of mainline commit 831e9da7dc5c22fd2a5fb64e999f6e077a4338c3
- fix build errors incurred by argument mismatches of dma_buf_begin/end_cpu_access function calls in v4l2/mali/ion drivers.
Signed-off-by: Inki Dae <inki.dae@samsung.com>
7 years agopackaging: exported kernel-header based on armv7l 38/117538/4 accepted/tizen/unified/20170309.075046 accepted/tizen/wearable/20170307.102922 submit/tizen/20170307.014434 submit/tizen_unified/20170308.100420 submit/tizen_unified/20170309.100419 submit/tizen_wearable/20170307.045503
Jaechul Lee [Mon, 6 Mar 2017 09:33:36 +0000 (18:33 +0900)]
packaging: exported kernel-header based on armv7l

There were difference in kernel-headers between arch64 and armv7l
architecture. It need to be built and exported respectively. So, I
enabled building and made kernel-headers for armv7l.

Change-Id: Ia890e98a591f3474711313ab41800712717190f8
Signed-off-by: Jaechul Lee <jcsing.lee@samsung.com>
7 years agopower: battery: sec-battery: Add support for disabling battery charge 59/116159/4
Dongwoo Lee [Thu, 23 Feb 2017 07:01:05 +0000 (16:01 +0900)]
power: battery: sec-battery: Add support for disabling battery charge

The new attribute "disable_charge" will be added. If this attribute is
set to 1, battery charging completely stops within "discharging"
state, and it cannot resume until restoring the attribute as 0 or
rebooting the target.

Change-Id: I0638bf73ba89d72c34d1c338a411e6d4978060db
Signed-off-by: Dongwoo Lee <dwoo08.lee@samsung.com>
7 years agopackaging: exported kernel-header properly 16/115416/2 accepted/tizen/wearable/20170221.225305 submit/tizen/20170221.075612
Jaechul Lee [Fri, 17 Feb 2017 05:11:59 +0000 (14:11 +0900)]
packaging: exported kernel-header properly

Orginally, kernel-header which is based on 3.18.14 was exported.
We applied some patches on the kernel therefore it need to export
patched kernel-header again. Moreover, organized spec script properly
and removed unnecessary code.

Change-Id: I8935d9cc374a2551e57a4ba4f551c047abad2814
Signed-off-by: Jaechul Lee <jcsing.lee@samsung.com>
7 years agopackaging: added execution authority to script files 33/115033/2 accepted/tizen/wearable/20170216.095751 submit/tizen/20170216.074043
Jaechul Lee [Thu, 16 Feb 2017 05:47:49 +0000 (14:47 +0900)]
packaging: added execution authority to script files

GBS build would be failed sometimes because script file don't have
execution authority even though I already added execution permission
like this '755'. So, I added execute permisson forcibly while RPM is
executed.

Change-Id: Ie014c03575659c5f1bca18af8572c712251c38fd
Signed-off-by: Jaechul Lee <jcsing.lee@samsung.com>
7 years agopackaging: removed '%post' script and unnecessary code 85/114985/3
Jaechul Lee [Thu, 16 Feb 2017 02:13:37 +0000 (11:13 +0900)]
packaging: removed '%post' script and unnecessary code

There are two rpms as a result such as aarch64 and armv7l. In case of
aarh64, It works well but %post script in armv7l arch won't run because
of baselibs. Therefore, I located dzImage in /boot/kernel/dzImage
directly.

Change-Id: Ibeb43d6db22f597b9ffad07d16b925516ea1950d
Signed-off-by: Jaechul Lee <jcsing.lee@samsung.com>
7 years agopackaging: removed code associated with module build 32/115032/2
Jaechul Lee [Thu, 16 Feb 2017 05:42:28 +0000 (14:42 +0900)]
packaging: removed code associated with module build

It is not need to build kernel modules, we don't use it.

Change-Id: I534648cf110ae606187a75bca6e49bd9d954eb33
Signed-off-by: Jaechul Lee <jcsing.lee@samsung.com>
7 years agopackaging: baselibs didn't work. accepted/tizen/wearable/20170215.110213 submit/tizen/20170215.103354
Jaechul Lee [Wed, 15 Feb 2017 10:03:56 +0000 (19:03 +0900)]
packaging: baselibs didn't work.

if i use the name of rpm packages included '.' or '_' like
'linux-3.18-tizen_tw2', it will be failed to make armv7l rpm packages.

Signed-off-by: Jaechul Lee <jcsing.lee@samsung.com>
7 years agopackaging: fixed baselibs contents.
Jaechul Lee [Wed, 15 Feb 2017 08:24:48 +0000 (17:24 +0900)]
packaging: fixed baselibs contents.

added "+/" for making arm7l binary and changed rpm name.

Signed-off-by: Jaechul Lee <jcsing.lee@samsung.com>
7 years agopackaging: added 'ExclusiveArch:aarch64' submit/tizen/20170215.075742
Jaechul Lee [Wed, 15 Feb 2017 07:53:02 +0000 (16:53 +0900)]
packaging: added 'ExclusiveArch:aarch64'

TW2 should be built to use aarch64.

Signed-off-by: Jaechul Lee <jcsing.lee@samsung.com>
7 years agopackaging: added baselibs.conf for building arm7l arch. submit/tizen/20170214.054550 submit/tizen/20170215.072858
Jaechul Lee [Fri, 10 Feb 2017 05:25:48 +0000 (14:25 +0900)]
packaging: added baselibs.conf for building arm7l arch.

It also need to build kernel based on arm7l.

Signed-off-by: Jaechul Lee <jcsing.lee@samsung.com>
7 years agopackaging: fixed the permission error when execute "scripts/exynos_*.sh"
Jaechul Lee [Thu, 9 Feb 2017 00:18:19 +0000 (09:18 +0900)]
packaging: fixed the permission error when execute "scripts/exynos_*.sh"

script files for dtb were created with 644 permission in the scratchbox even
though i already changed perm to 755. Therefore, build will be failed when
execute "exynos_dtbtool.sh" because it doesn't have 'x' permission.

I tried to touch these files again and it worked well. I suspect that first
patch couldn't apply the file attribute. That's why i made this meaningless
commit.

Signed-off-by: Jaechul Lee <jcsing.lee@samsung.com>
7 years agopackaging: removed useless BuildRequires.
Jaechul Lee [Wed, 8 Feb 2017 01:06:03 +0000 (10:06 +0900)]
packaging: removed useless BuildRequires.

Removed useless "BuildRequires" in the spec file such as gcc, lzop, python and
etc. It is possible to build kernel without these packages.

The reason why, kernel doesn't need to have dependencies these packages
associated with Tizen platform.

Signed-off-by: Jaechul Lee <jcsing.lee@samsung.com>
7 years agoarm64: defconfig: disable SWAP_DA config.
Jaechul Lee [Tue, 7 Feb 2017 09:53:06 +0000 (18:53 +0900)]
arm64: defconfig: disable SWAP_DA config.

removed useless config.

Signed-off-by: Jaechul Lee <jcsing.lee@samsung.com>
7 years agoinput: removed annoying input event logs.
Jaechul Lee [Tue, 7 Feb 2017 03:53:43 +0000 (12:53 +0900)]
input: removed annoying input event logs.

Removed unnecessary logs when occuring hardkeys, touchscreen, rotary event.

Signed-off-by: Jaechul Lee <jcsing.lee@samsung.com>
7 years agoarm64: defconfig: changed defconfig name to tw2 from solis
Jaechul Lee [Tue, 7 Feb 2017 04:40:28 +0000 (13:40 +0900)]
arm64: defconfig: changed defconfig name to tw2 from solis

Removed unnecessary defconfigs and changed defconfig name to tw2.

Signed-off-by: Jaechul Lee <jcsing.lee@samsung.com>
7 years agodrm/tgm: tbm: implement prime import ops on gem_ion.
Jin-young Jeon [Mon, 19 Dec 2016 05:53:50 +0000 (14:53 +0900)]
drm/tgm: tbm: implement prime import ops on gem_ion.

This patch implementes prime import for gem_ion.

Signed-off-by: Jin-young Jeon <jy0.jeon@samsung.com>
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
7 years agoion: add apis to get client property.
Jin-young Jeon [Mon, 19 Dec 2016 04:57:47 +0000 (13:57 +0900)]
ion: add apis to get client property.

This patch adds APIs to get ion client property.

Signed-off-by: Jin-young Jeon <jy0.jeon@samsung.com>
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
7 years agopower-supply: sync supply properties and type
Seung-Woo Kim [Mon, 6 Feb 2017 11:31:46 +0000 (20:31 +0900)]
power-supply: sync supply properties and type

This patch fixes to sync supply properties and their type to avoid
int type in string type position.

Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
7 years agobattery: p9220: adjust log and log level for get_property
Seung-Woo Kim [Mon, 6 Feb 2017 11:29:56 +0000 (20:29 +0900)]
battery: p9220: adjust log and log level for get_property

The get_property function prints not matched value with info level,
so this patch adjusts value name and change to debug level.

Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
7 years agovideo: exynos: Add DECON_STATE_INIT in the suspend function
Jaechul Lee [Thu, 2 Feb 2017 10:38:08 +0000 (19:38 +0900)]
video: exynos: Add DECON_STATE_INIT in the suspend function

DECON_STATE_INIT is not defined in the suspend function. So, it return while
booting tizen. Besides, added logs to check the device state.

Errors
dpm_run_callback(): pm_genpd_suspend+0x0/0x78 returns -16
PM: Device 14830000.decon_fb failed to suspend: error -16

Signed-off-by: Jaechul Lee <jcsing.lee@samsung.com>
7 years agopower: Removed unnecessary logs during booting and idle state.
Jaechul Lee [Wed, 1 Feb 2017 02:22:48 +0000 (11:22 +0900)]
power: Removed unnecessary logs during booting and idle state.

Changed levels of unnecessary log to debug from error and info.
Moreover, changed error code to ENODATA from EINVAL to avoid printing out
too much logs during idle state.

Signed-off-by: Jaechul Lee <jcsing.lee@samsung.com>
7 years agopackaging: Added '.gbs.conf' for partial build
Jaechul Lee [Mon, 30 Jan 2017 23:58:22 +0000 (08:58 +0900)]
packaging: Added '.gbs.conf' for partial build

Added gbs configuration file for enhanced building.
it makes gbs build faster than before.

Signed-off-by: Jaechul Lee <jcsing.lee@samsung.com>
7 years agopackaging: Made build scripts for GBS.
Jaechul Lee [Thu, 26 Jan 2017 01:13:24 +0000 (10:13 +0900)]
packaging: Made build scripts for GBS.

Build scripts were fixed to be worked on GBS environment based on gcc6.

Signed-off-by: Jaechul Lee <jcsing.lee@samsung.com>
7 years agoarm64: tizen_solis_defconfig: adjust smack options
Seung-Woo Kim [Wed, 25 Jan 2017 10:31:12 +0000 (19:31 +0900)]
arm64: tizen_solis_defconfig: adjust smack options

This patch adjusts smack options to enable smack netfilter and
smack append signals.

Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
7 years agonetfilter: nfnetlink_queue: add security context information
Roman Kubiak [Fri, 12 Jun 2015 10:32:57 +0000 (12:32 +0200)]
netfilter: nfnetlink_queue: add security context information

This patch adds an additional attribute when sending
packet information via netlink in netfilter_queue module.
It will send additional security context data, so that
userspace applications can verify this context against
their own security databases.

Signed-off-by: Roman Kubiak <r.kubiak@samsung.com>
Acked-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
7 years agoSmack: secmark connections
Casey Schaufler [Wed, 11 Feb 2015 20:52:32 +0000 (12:52 -0800)]
Smack: secmark connections

If the secmark is available us it on connection as
well as packet delivery.

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
7 years agoSmack: Repair netfilter dependency
Casey Schaufler [Fri, 23 Jan 2015 17:31:01 +0000 (09:31 -0800)]
Smack: Repair netfilter dependency

On 1/23/2015 8:20 AM, Jim Davis wrote:
> Building with the attached random configuration file,
>
> security/smack/smack_netfilter.c: In function ‘smack_ipv4_output’:
> security/smack/smack_netfilter.c:55:6: error: ‘struct sk_buff’ has no
> member named ‘secmark’
>    skb->secmark = skp->smk_secid;
>       ^
> make[2]: *** [security/smack/smack_netfilter.o] Error 1

The existing Makefile used the wrong configuration option to
determine if smack_netfilter should be built. This sets it right.

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
7 years agoSmack: secmark support for netfilter
Casey Schaufler [Sat, 13 Dec 2014 01:08:40 +0000 (17:08 -0800)]
Smack: secmark support for netfilter

Smack uses CIPSO to label internet packets and thus provide
for access control on delivery of packets. The netfilter facility
was not used to allow for Smack to work properly without netfilter
configuration. Smack does not need netfilter, however there are
cases where it would be handy.

As a side effect, the labeling of local IPv4 packets can be optimized
and the handling of local IPv6 packets is just all out better.

The best part is that the netfilter tools use "contexts" that
are just strings, and they work just as well for Smack as they
do for SELinux.

All of the conditional compilation for IPv6 was implemented
by Rafal Krypa <r.krypa@samsung.com>

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
7 years agoSmack: ignore private inode for file functions
Seung-Woo Kim [Mon, 12 Dec 2016 08:35:26 +0000 (17:35 +0900)]
Smack: ignore private inode for file functions

The access to fd from anon_inode is always failed because there is
no set xattr operations. So this patch fixes to ignore private
inode including anon_inode for file functions.

It was only ignored for smack_file_receive() to share dma-buf fd,
but dma-buf has other functions like ioctl and mmap.

Reference: https://lkml.org/lkml/2015/4/17/16

Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
7 years agoSmack: fix d_instantiate logic for sockfs and pipefs
Rafal Krypa [Fri, 9 Dec 2016 13:03:04 +0000 (14:03 +0100)]
Smack: fix d_instantiate logic for sockfs and pipefs

Since 4b936885a (v2.6.32) all inodes on sockfs and pipefs are disconnected.
It caused filesystem specific code in smack_d_instantiate to be skipped,
because all inodes on those pseudo filesystems were treated as root inodes.
As a result all sockfs inodes had the Smack label set to floor.

In most cases access checks for sockets use socket_smack data so the inode
label is not important. But there are special cases that were broken.
One example would be calling fcntl with F_SETOWN command on a socket fd.

Now smack_d_instantiate expects all pipefs and sockfs inodes to be
disconnected and has the logic in appropriate place.

Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
7 years agoSmack: Assign smack_known_web label for kernel thread's
jooseong lee [Thu, 3 Nov 2016 10:54:39 +0000 (11:54 +0100)]
Smack: Assign smack_known_web label for kernel thread's

Assign smack_known_web label for kernel thread's socket

Creating struct sock by sk_alloc function in various kernel subsystems
like bluetooth doesn't call smack_socket_post_create(). In such case,
received sock label is the floor('_') label and makes access deny.

Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
Acked-by: Casey Schaufler <casey@schaufler-ca.com>
7 years agoSmack: Signal delivery as an append operation
Casey Schaufler [Tue, 30 Aug 2016 17:31:39 +0000 (10:31 -0700)]
Smack: Signal delivery as an append operation

Under a strict subject/object security policy delivering a
signal or delivering network IPC could be considered either
a write or an append operation. The original choice to make
both write operations leads to an issue where IPC delivery
is desired under policy, but delivery of signals is not.
This patch provides the option of making signal delivery
an append operation, allowing Smack rules that deny signal
delivery while allowing IPC. This was requested for Tizen.

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
7 years agomodem_if: remove not necessary comparison
Seung-Woo Kim [Sat, 21 Jan 2017 03:32:05 +0000 (12:32 +0900)]
modem_if: remove not necessary comparison

The numerical comparison on boolean value causes build warning
with gcc 6, so this patch removes not necessary comparison.

Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
7 years agofix non proper indents for if clause
Seung-Woo Kim [Sat, 21 Jan 2017 03:28:57 +0000 (12:28 +0900)]
fix non proper indents for if clause

non proper indent for if clause causes build error with gcc 6. So
this patch fixes them.

Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
7 years agoSWAP-DA: remove invalid semicolons on energy module
Seung-Woo Kim [Sat, 21 Jan 2017 03:26:22 +0000 (12:26 +0900)]
SWAP-DA: remove invalid semicolons on energy module

There are invalid semicolons after if clause on energy module and
it causes following build error with gcc 6, so this patch removes
the invalid semicolons.

  kernel/swap/energy/energy.c: In function 'calc_wifi_recv_energy':
  kernel/swap/energy/energy.c:640:2: error: this 'if' clause does not guard... [-Werror=misleading-indentation]
    if (len <= 0 || check_wlan0(sock));
    ^~
  kernel/swap/energy/energy.c:641:3: note: ...this statement, but the latter is misleadingly indented as if it is guarded by the 'if'
     return;
     ^~~~~~
  kernel/swap/energy/energy.c: In function 'calc_wifi_send_energy':
  kernel/swap/energy/energy.c:653:2: error: this 'if' clause does not guard... [-Werror=misleading-indentation]
    if (len <= 0 || check_wlan0(sock));
    ^~
  kernel/swap/energy/energy.c:654:3: note: ...this statement, but the latter is misleadingly indented as if it is guarded by the 'if'
     return;
     ^~~~~~

Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
7 years agonet: bcm4358: fix not to check same value in macro
Seung-Woo Kim [Tue, 17 Jan 2017 04:22:22 +0000 (13:22 +0900)]
net: bcm4358: fix not to check same value in macro

When BCMBUSTYPE is not defined, then BUSTYPE(bustype) is just
bustype. So comparing bustype and BUSTYPE(bustype) is not necessary.

This patch removes following build warning with gcc 6.
   drivers/net/wireless/bcmdhd4358/siutils.c: In function 'si_doattach':
   drivers/net/wireless/bcmdhd4358/siutils.c:512:14: warning: self-comparison always evaluates to false [-Wtautological-compare]
     if (bustype != BUSTYPE(bustype)) {
                 ^~

Change-Id: I1cac3dd31bcb86983469830013a1093ed9ceaa89
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
7 years agotrace: remove invalid semicolon after if clause
Seung-Woo Kim [Sat, 21 Jan 2017 03:09:30 +0000 (12:09 +0900)]
trace: remove invalid semicolon after if clause

The commit 6f6f99a38132 ("trace: add non-hierarchical function_graph option"),
in https://android.googlesource.com/kernel/common.git/+/android-3.18,
added invalid semicolon after if clause, so it causes following
build error on gcc 6, so this patch removes the invalid seimicolon.

  kernel/trace/trace_output.c: In function 'trace_graph_ret_raw':
  kernel/trace/trace_output.c:976:2: error: this 'if' clause does not guard... [-Werror=misleading-indentation]
    if (!trace_seq_printf(&iter->seq, "%lx %lld %lld %ld %d\n",
    ^~
  kernel/trace/trace_output.c:982:3: note: ...this statement, but the latter is misleadingly indented as if it is guarded by the 'if'
     return TRACE_TYPE_PARTIAL_LINE;
     ^~~~~~

Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
7 years agokbuild: move -Wunused-const-variable to W=1 warning level
Arnd Bergmann [Tue, 10 May 2016 21:30:01 +0000 (23:30 +0200)]
kbuild: move -Wunused-const-variable to W=1 warning level

[ Upstream commit c9c6837d39311b0cc14cdbe7c18e815ab44aefb1 ]

gcc-6 started warning by default about variables that are not
used anywhere and that are marked 'const', generating many
false positives in an allmodconfig build, e.g.:

arch/arm/mach-davinci/board-da830-evm.c:282:20: warning: 'da830_evm_emif25_pins' defined but not used [-Wunused-const-variable=]
arch/arm/plat-omap/dmtimer.c:958:34: warning: 'omap_timer_match' defined but not used [-Wunused-const-variable=]
drivers/bluetooth/hci_bcm.c:625:39: warning: 'acpi_bcm_default_gpios' defined but not used [-Wunused-const-variable=]
drivers/char/hw_random/omap-rng.c:92:18: warning: 'reg_map_omap4' defined but not used [-Wunused-const-variable=]
drivers/devfreq/exynos/exynos5_bus.c:381:32: warning: 'exynos5_busfreq_int_pm' defined but not used [-Wunused-const-variable=]
drivers/dma/mv_xor.c:1139:34: warning: 'mv_xor_dt_ids' defined but not used [-Wunused-const-variable=]

This is similar to the existing -Wunused-but-set-variable warning
that was added in an earlier release and that we disable by default
now and only enable when W=1 is set, so it makes sense to do
the same here. Once we have eliminated the majority of the
warnings for both, we can put them back into the default list.

We probably want this in backport kernels as well, to allow building
them with gcc-6 without introducing extra warnings.

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Acked-by: Olof Johansson <olof@lixom.net>
Acked-by: Lee Jones <lee.jones@linaro.org>
Cc: stable@vger.kernel.org
Signed-off-by: Michal Marek <mmarek@suse.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
7 years agocompiler-gcc: integrate the various compiler-gcc[345].h files
Joe Perches [Thu, 25 Jun 2015 22:01:02 +0000 (15:01 -0700)]
compiler-gcc: integrate the various compiler-gcc[345].h files

[ Upstream commit f320793e52aee78f0fbb8bcaf10e6614d2e67bfc ]

[ Upstream commit cb984d101b30eb7478d32df56a0023e4603cba7f ]

As gcc major version numbers are going to advance rather rapidly in the
future, there's no real value in separate files for each compiler
version.

Deduplicate some of the macros #defined in each file too.

Neaten comments using normal kernel commenting style.

Signed-off-by: Joe Perches <joe@perches.com>
Cc: Andi Kleen <andi@firstfloor.org>
Cc: Michal Marek <mmarek@suse.cz>
Cc: Segher Boessenkool <segher@kernel.crashing.org>
Cc: Sasha Levin <levinsasha928@gmail.com>
Cc: Anton Blanchard <anton@samba.org>
Cc: Alan Modra <amodra@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
7 years agobuild: add exynos system-tools script files
Seung-Woo Kim [Mon, 23 Jan 2017 07:53:32 +0000 (16:53 +0900)]
build: add exynos system-tools script files

This patch adds exynos system-tools script files to make
merged dtb file and merged kernel file with dtbs.

Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
7 years agoImported code from product.
Jaechul Lee [Thu, 26 Jan 2017 05:58:55 +0000 (14:58 +0900)]
Imported code from product.

Signed-off-by: Jaechul Lee <jcsing.lee@samsung.com>
9 years agoLinux 3.18.14 v3.18.14
Sasha Levin [Wed, 20 May 2015 15:04:50 +0000 (11:04 -0400)]
Linux 3.18.14

Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
9 years agoDrivers: hv: vmbus: Don't wait after requesting offers
K. Y. Srinivasan [Thu, 19 Mar 2015 15:11:34 +0000 (08:11 -0700)]
Drivers: hv: vmbus: Don't wait after requesting offers

[ Upstream commit 73cffdb65e679b98893f484063462c045adcf212 ]

Don't wait after sending request for offers to the host. This wait is
unnecessary and simply adds 5 seconds to the boot time.

Signed-off-by: K. Y. Srinivasan <kys@microsoft.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
9 years agohfsplus: don't store special "osx" xattr prefix on-disk
Thomas Hebb [Thu, 16 Apr 2015 19:47:18 +0000 (12:47 -0700)]
hfsplus: don't store special "osx" xattr prefix on-disk

[ Upstream commit db579e76f06e78de011b2cb7e028740a82f5558c ]

On Mac OS X, HFS+ extended attributes are not namespaced.  Since we want
to be compatible with OS X filesystems and yet still support the Linux
namespacing system, the hfsplus driver implements a special "osx"
namespace that is reported for any attribute that is not namespaced
on-disk.  However, the current code for getting and setting these
unprefixed attributes is broken.

hfsplus_osx_setattr() and hfsplus_osx_getattr() are passed names that have
already had their "osx." prefixes stripped by the generic functions.  The
functions first, quite correctly, check those names to make sure that they
aren't prefixed with a known namespace, which would allow namespace access
restrictions to be bypassed.  However, the functions then prepend "osx."
to the name they're given before passing it on to hfsplus_getattr() and
hfsplus_setattr().  Not only does this cause the "osx." prefix to be
stored on-disk, defeating its purpose, it also breaks the check for the
special "com.apple.FinderInfo" attribute, which is reported for all files,
and as a consequence makes some userspace applications (e.g.  GNU patch)
fail even when extended attributes are not otherwise in use.

There are five commits which have touched this particular code:

  127e5f5ae51e ("hfsplus: rework functionality of getting, setting and deleting of extended attributes")
  b168fff72109 ("hfsplus: use xattr handlers for removexattr")
  bf29e886b242 ("hfsplus: correct usage of HFSPLUS_ATTR_MAX_STRLEN for non-English attributes")
  fcacbd95e121 ("fs/hfsplus: move xattr_name allocation in hfsplus_getxattr()")
  ec1bbd346f18 ("fs/hfsplus: move xattr_name allocation in hfsplus_setxattr()")

The first commit creates the functions to begin with.  The namespace is
prepended by the original code, which I believe was correct at the time,
since hfsplus_?etattr() stripped the prefix if found.  The second commit
removes this behavior from hfsplus_?etattr() and appears to have been
intended to also remove the prefixing from hfsplus_osx_?etattr().
However, what it actually does is remove a necessary strncpy() call
completely, breaking the osx namespace entirely.  The third commit re-adds
the strncpy() call as it was originally, but doesn't mention it in its
commit message.  The final two commits refactor the code and don't affect
its functionality.

This commit does what b168fff attempted to do (prevent the prefix from
being added), but does it properly, instead of passing in an empty buffer
(which is what b168fff actually did).

Fixes: b168fff72109 ("hfsplus: use xattr handlers for removexattr")
Signed-off-by: Thomas Hebb <tommyhebb@gmail.com>
Cc: Hin-Tak Leung <htl10@users.sourceforge.net>
Cc: Sergei Antonov <saproj@gmail.com>
Cc: Anton Altaparmakov <anton@tuxera.com>
Cc: Fabian Frederick <fabf@skynet.be>
Cc: Christian Kujau <lists@nerdbynature.de>
Cc: Christoph Hellwig <hch@infradead.org>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Viacheslav Dubeyko <slava@dubeyko.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
9 years agodrm/radeon: check new address before removing old one
Christian König [Mon, 27 Apr 2015 15:04:36 +0000 (17:04 +0200)]
drm/radeon: check new address before removing old one

[ Upstream commit c29c0876ec05d51a93508a39b90b92c29ba6423d ]

Otherwise the change isn't atomic.

Signed-off-by: Christian König <christian.koenig@amd.com>
CC: stable@vger.kernel.org
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
9 years agodrm/radeon: add SI DPM quirk for Sapphire R9 270 Dual-X 2G GDDR5
Alex Deucher [Mon, 27 Apr 2015 13:51:43 +0000 (09:51 -0400)]
drm/radeon: add SI DPM quirk for Sapphire R9 270 Dual-X 2G GDDR5

[ Upstream commit cd17e02ff4db58ec32d35cf331c705d295779930 ]

Seems to have problems with high mclks.

bug:
https://bugs.freedesktop.org/show_bug.cgi?id=76490

Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
9 years agodrm/radeon: adjust pll when audio is not enabled
Alex Deucher [Sun, 19 Apr 2015 16:01:00 +0000 (12:01 -0400)]
drm/radeon: adjust pll when audio is not enabled

[ Upstream commit 7fe04d6fa824ccea704535a597dc417c8687f990 ]

Fixes display problems with some monitors when audio
is not enabled.

Bugs:
https://bugs.freedesktop.org/show_bug.cgi?id=89505
https://bugzilla.kernel.org/show_bug.cgi?id=94171
Plus several reports on IRC.

Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
9 years ago3w-sas: fix command completion race
Christoph Hellwig [Thu, 23 Apr 2015 07:48:49 +0000 (09:48 +0200)]
3w-sas: fix command completion race

[ Upstream commit 579d69bc1fd56d5af5761969aa529d1d1c188300 ]

The 3w-sas driver needs to tear down the dma mappings before returning
the command to the midlayer, as there is no guarantee the sglist and
count are valid after that point.  Also remove the dma mapping helpers
which have another inherent race due to the request_id index.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Reported-by: Torsten Luettgert <ml-lkml@enda.eu>
Tested-by: Bernd Kardatzki <Bernd.Kardatzki@med.uni-tuebingen.de>
Cc: stable@vger.kernel.org
Acked-by: Adam Radford <aradford@gmail.com>
Signed-off-by: James Bottomley <JBottomley@Odin.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
9 years ago3w-9xxx: fix command completion race
Christoph Hellwig [Thu, 23 Apr 2015 07:48:51 +0000 (09:48 +0200)]
3w-9xxx: fix command completion race

[ Upstream commit 118c855b5623f3e2e6204f02623d88c09e0c34de ]

The 3w-9xxx driver needs to tear down the dma mappings before returning
the command to the midlayer, as there is no guarantee the sglist and
count are valid after that point.  Also remove the dma mapping helpers
which have another inherent race due to the request_id index.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Cc: stable@vger.kernel.org
Acked-by: Adam Radford <aradford@gmail.com>
Signed-off-by: James Bottomley <JBottomley@Odin.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
9 years ago3w-xxxx: fix command completion race
Christoph Hellwig [Thu, 23 Apr 2015 07:48:50 +0000 (09:48 +0200)]
3w-xxxx: fix command completion race

[ Upstream commit 9cd9554615cba14f0877cc9972a6537ad2bdde61 ]

The 3w-xxxx driver needs to tear down the dma mappings before returning
the command to the midlayer, as there is no guarantee the sglist and
count are valid after that point.  Also remove the dma mapping helpers
which have another inherent race due to the request_id index.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Cc: stable@vger.kernel.org
Acked-by: Adam Radford <aradford@gmail.com>
Signed-off-by: James Bottomley <JBottomley@Odin.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
9 years agoext4: move check under lock scope to close a race.
Davide Italiano [Sun, 3 May 2015 03:21:15 +0000 (23:21 -0400)]
ext4: move check under lock scope to close a race.

[ Upstream commit 280227a75b56ab5d35854f3a77ef74a7ad56a203 ]

fallocate() checks that the file is extent-based and returns
EOPNOTSUPP in case is not. Other tasks can convert from and to
indirect and extent so it's safe to check only after grabbing
the inode mutex.

Signed-off-by: Davide Italiano <dccitaliano@gmail.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@vger.kernel.org
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
9 years agoext4: fix data corruption caused by unwritten and delayed extents
Lukas Czerner [Sun, 3 May 2015 01:36:55 +0000 (21:36 -0400)]
ext4: fix data corruption caused by unwritten and delayed extents

[ Upstream commit d2dc317d564a46dfc683978a2e5a4f91434e9711 ]

Currently it is possible to lose whole file system block worth of data
when we hit the specific interaction with unwritten and delayed extents
in status extent tree.

The problem is that when we insert delayed extent into extent status
tree the only way to get rid of it is when we write out delayed buffer.
However there is a limitation in the extent status tree implementation
so that when inserting unwritten extent should there be even a single
delayed block the whole unwritten extent would be marked as delayed.

At this point, there is no way to get rid of the delayed extents,
because there are no delayed buffers to write out. So when a we write
into said unwritten extent we will convert it to written, but it still
remains delayed.

When we try to write into that block later ext4_da_map_blocks() will set
the buffer new and delayed and map it to invalid block which causes
the rest of the block to be zeroed loosing already written data.

For now we can fix this by simply not allowing to set delayed status on
written extent in the extent status tree. Also add WARN_ON() to make
sure that we notice if this happens in the future.

This problem can be easily reproduced by running the following xfs_io.

xfs_io -f -c "pwrite -S 0xaa 4096 2048" \
          -c "falloc 0 131072" \
          -c "pwrite -S 0xbb 65536 2048" \
          -c "fsync" /mnt/test/fff

echo 3 > /proc/sys/vm/drop_caches
xfs_io -c "pwrite -S 0xdd 67584 2048" /mnt/test/fff

This can be theoretically also reproduced by at random by running fsx,
but it's not very reliable, though on machines with bigger page size
(like ppc) this can be seen more often (especially xfstest generic/127)

Signed-off-by: Lukas Czerner <lczerner@redhat.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@vger.kernel.org
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
9 years agouas: Set max_sectors_240 quirk for ASM1053 devices
Hans de Goede [Tue, 21 Apr 2015 09:20:32 +0000 (11:20 +0200)]
uas: Set max_sectors_240 quirk for ASM1053 devices

[ Upstream commit 8e779c6c4a398763c21371fe40f649206041dc1e ]

Testing has shown that ASM1053 devices do not work properly with transfers
larger than 240 sectors, so set max_sectors to 240 on these.

Cc: stable@vger.kernel.org # 3.16
Reported-by: Steve Bangert <sbangert@frontier.com>
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Tested-by: Steve Bangert <sbangert@frontier.com>
Acked-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
9 years agouas: Add US_FL_MAX_SECTORS_240 flag
Hans de Goede [Tue, 21 Apr 2015 09:20:31 +0000 (11:20 +0200)]
uas: Add US_FL_MAX_SECTORS_240 flag

[ Upstream commit ee136af4a064c2f61e2025873584d2c7ec93f4ae ]

The usb-storage driver sets max_sectors = 240 in its scsi-host template,
for uas we do not want to do that for all devices, but testing has shown
that some devices need it.

This commit adds a US_FL_MAX_SECTORS_240 flag for such devices, and
implements support for it in uas.c, while at it it also adds support
for US_FL_MAX_SECTORS_64 to uas.c.

Cc: stable@vger.kernel.org # 3.16
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Acked-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
9 years agouas: Allow uas_use_uas_driver to return usb-storage flags
Hans de Goede [Tue, 21 Apr 2015 09:20:30 +0000 (11:20 +0200)]
uas: Allow uas_use_uas_driver to return usb-storage flags

[ Upstream commit a5011d44f0e1117a6db14b19b57c51f8be5673a0 ]

uas_use_uas_driver may set some US_FL_foo flags during detection, currently
these are stored in a local variable and then throw away, but these may be
of interest to the caller, so add an extra parameter to (optionally) return
the detected flags, and use this in the uas driver.

Cc: stable@vger.kernel.org # 3.16
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Acked-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
9 years agorbd: end I/O the entire obj_request on error
Ilya Dryomov [Sat, 25 Apr 2015 12:56:15 +0000 (15:56 +0300)]
rbd: end I/O the entire obj_request on error

[ Upstream commit 082a75dad84d79d1c15ea9e50f31cb4bb4fa7fd6 ]

When we end I/O struct request with error, we need to pass
obj_request->length as @nr_bytes so that the entire obj_request worth
of bytes is completed.  Otherwise block layer ends up confused and we
trip on

    rbd_assert(more ^ (which == img_request->obj_request_count));

in rbd_img_obj_callback() due to more being true no matter what.  We
already do it in most cases but we are missing some, in particular
those where we don't even get a chance to submit any obj_requests, due
to an early -ENOMEM for example.

A number of obj_request->xferred assignments seem to be redundant but
I haven't touched any of obj_request->xferred stuff to keep this small
and isolated.

Cc: Alex Elder <elder@linaro.org>
Cc: stable@vger.kernel.org # 3.10+
Reported-by: Shawn Edwards <lesser.evil@gmail.com>
Reviewed-by: Sage Weil <sage@redhat.com>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
9 years agotty/serial: at91: maxburst was missing for dma transfers
Ludovic Desroches [Thu, 16 Apr 2015 14:58:12 +0000 (16:58 +0200)]
tty/serial: at91: maxburst was missing for dma transfers

[ Upstream commit a8d4e01637902311c5643b69a5c80e2805f04054 ]

Maxburst was not set when doing the dma slave configuration. This value
is checked by the recently introduced xdmac. It causes an error when
doing the slave configuration and so prevents from using dma.

Signed-off-by: Ludovic Desroches <ludovic.desroches@atmel.com>
Cc: <stable@vger.kernel.org> # 3.12 and later
Acked-by: Nicolas Ferre <nicolas.ferre@atmel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
9 years agoACPI / SBS: Enable battery manager when present
Chris Bainbridge [Wed, 22 Apr 2015 15:40:21 +0000 (16:40 +0100)]
ACPI / SBS: Enable battery manager when present

[ Upstream commit 61f8ff693923e4b19748b0e8287b99778f2661c7 ]

Commit 9faf6136ff46 (ACPI / SBS: Disable smart battery manager on
Apple) introduced a regression disabling the SBS battery manager.
The battery manager should be marked as present when
acpi_manager_get_info() returns 0.

Fixes: 9faf6136ff46 (ACPI / SBS: Disable smart battery manager on Apple)
Signed-off-by: Chris Bainbridge <chris.bainbridge@gmail.com>
Cc: 3.18+ <stable@vger.kernel.org> # 3.18+
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
9 years agobtrfs: unlock i_mutex after attempting to delete subvolume during send
Omar Sandoval [Fri, 10 Apr 2015 21:20:40 +0000 (14:20 -0700)]
btrfs: unlock i_mutex after attempting to delete subvolume during send

[ Upstream commit 909e26dce3f7600f5e293ac0522c28790a0c8c9c ]

Whenever the check for a send in progress introduced in commit
521e0546c970 (btrfs: protect snapshots from deleting during send) is
hit, we return without unlocking inode->i_mutex. This is easy to see
with lockdep enabled:

[  +0.000059] ================================================
[  +0.000028] [ BUG: lock held when returning to user space! ]
[  +0.000029] 4.0.0-rc5-00096-g3c435c1 #93 Not tainted
[  +0.000026] ------------------------------------------------
[  +0.000029] btrfs/211 is leaving the kernel with locks still held!
[  +0.000029] 1 lock held by btrfs/211:
[  +0.000023]  #0:  (&type->i_mutex_dir_key){+.+.+.}, at: [<ffffffff8135b8df>] btrfs_ioctl_snap_destroy+0x2df/0x7a0

Make sure we unlock it in the error path.

Reviewed-by: Filipe Manana <fdmanana@suse.com>
Reviewed-by: David Sterba <dsterba@suse.cz>
Cc: stable@vger.kernel.org
Signed-off-by: Omar Sandoval <osandov@osandov.com>
Signed-off-by: Chris Mason <clm@fb.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
9 years agoASoC: rt5677: fixed wrong DMIC ref clock
Bard Liao [Tue, 28 Apr 2015 03:27:39 +0000 (11:27 +0800)]
ASoC: rt5677: fixed wrong DMIC ref clock

[ Upstream commit 60a8d62b8497c23eb3d48149af7e55dac2dd83a2 ]

DMIC clock source is not from codec system clock directly. it is
generated from the division of system clock. And it should be 256 *
sample rate of AIF1.

Signed-off-by: Bard Liao <bardliao@realtek.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
Cc: stable@vger.kernel.org
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
9 years agoASoC: dapm: Enable autodisable on SOC_DAPM_SINGLE_TLV_AUTODISABLE
Charles Keepax [Wed, 22 Apr 2015 12:58:47 +0000 (13:58 +0100)]
ASoC: dapm: Enable autodisable on SOC_DAPM_SINGLE_TLV_AUTODISABLE

[ Upstream commit a2d97723cb3a7741af81868427b36bba274b681b ]

Correct small copy and paste error where autodisable was not being
enabled for the SOC_DAPM_SINGLE_TLV_AUTODISABLE control.

Signed-off-by: Charles Keepax <ckeepax@opensource.wolfsonmicro.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
Cc: stable@vger.kernel.org
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
9 years agoASoC: samsung: s3c24xx-i2s: Fix return value check in s3c24xx_iis_dev_probe()
Wei Yongjun [Thu, 16 Apr 2015 12:18:02 +0000 (20:18 +0800)]
ASoC: samsung: s3c24xx-i2s: Fix return value check in s3c24xx_iis_dev_probe()

[ Upstream commit c479163a1b6ab424786fbcd9225b4e3c1c58eb0b ]

In case of error, the function devm_ioremap_resource() returns
ERR_PTR() and never returns NULL. The NULL test in the return
value check should be replaced with IS_ERR().

Signed-off-by: Wei Yongjun <yongjun_wei@trendmicro.com.cn>
Reviewed-by: Krzysztof Kozlowski <k.kozlowski.k@gmail.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
Cc: stable@vger.kernel.org
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
9 years agousb: chipidea: otg: remove mutex unlock and lock while stop and start role
Li Jun [Sun, 12 Apr 2015 09:51:02 +0000 (17:51 +0800)]
usb: chipidea: otg: remove mutex unlock and lock while stop and start role

[ Upstream commit a5a356cee89f86ff86cc3ce24136ca1f802c1bf1 ]

Wrongly release mutex lock during otg_statemachine may result in re-enter
otg_statemachine, which is not allowed, we should do next state transtition
after previous one completed.

Fixes: 826cfe751f3e ("usb: chipidea: add OTG fsm operation functions implementation")
Cc: <stable@vger.kernel.org> # v3.16+
Signed-off-by: Li Jun <jun.li@freescale.com>
Signed-off-by: Peter Chen <peter.chen@freescale.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
9 years agoarm64: dma-mapping: always clear allocated buffers
Marek Szyprowski [Thu, 23 Apr 2015 11:46:16 +0000 (12:46 +0100)]
arm64: dma-mapping: always clear allocated buffers

[ Upstream commit 6829e274a623187c24f7cfc0e3d35f25d087fcc5 ]

Buffers allocated by dma_alloc_coherent() are always zeroed on Alpha,
ARM (32bit), MIPS, PowerPC, x86/x86_64 and probably other architectures.
It turned out that some drivers rely on this 'feature'. Allocated buffer
might be also exposed to userspace with dma_mmap() call, so clearing it
is desired from security point of view to avoid exposing random memory
to userspace. This patch unifies dma_alloc_coherent() behavior on ARM64
architecture with other implementations by unconditionally zeroing
allocated buffer.

Cc: <stable@vger.kernel.org> # v3.14+
Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
9 years agoserial: xilinx: Use platform_get_irq to get irq description structure
Michal Simek [Mon, 13 Apr 2015 14:34:21 +0000 (16:34 +0200)]
serial: xilinx: Use platform_get_irq to get irq description structure

[ Upstream commit 5c90c07b98c02198d9777a7c4f3047b0a94bf7ed ]

For systems with CONFIG_SERIAL_OF_PLATFORM=y and device_type =
"serial"; property in DT of_serial.c driver maps and unmaps IRQ (because
driver probe fails). Then a driver is called but irq mapping is not
created that's why driver is failing again in again on request_irq().
Based on this use platform_get_irq() instead of platform_get_resource()
which is doing irq_desc allocation and driver itself can request IRQ.

Fix both xilinx serial drivers in the tree.

Signed-off-by: Michal Simek <michal.simek@xilinx.com>
CC: <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
9 years agoserial: of-serial: Remove device_type = "serial" registration
Michal Simek [Tue, 14 Apr 2015 10:03:09 +0000 (12:03 +0200)]
serial: of-serial: Remove device_type = "serial" registration

[ Upstream commit 6befa9d883385c580369a2cc9e53fbf329771f6d ]

Do not probe all serial drivers by of_serial.c which are using
device_type = "serial"; property. Only drivers which have valid
compatible strings listed in the driver should be probed.

When PORT_UNKNOWN is setup probe will fail anyway.

Arnd quotation about driver historical background:
"when I wrote that driver initially, the idea was that it would
get used as a stub to hook up all other serial drivers but after
that, the common code learned to create platform devices from DT"

This patch fix the problem with on the system with xilinx_uartps and
16550a where of_serial failed to register for xilinx_uartps and because
of irq_dispose_mapping() removed irq_desc. Then when xilinx_uartps was asking
for irq with request_irq() EINVAL is returned.

Signed-off-by: Michal Simek <michal.simek@xilinx.com>
CC: <stable@vger.kernel.org>
Acked-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
9 years agocdc-acm: prevent infinite loop when parsing CDC headers.
Quentin Casasnovas [Tue, 14 Apr 2015 09:25:43 +0000 (11:25 +0200)]
cdc-acm: prevent infinite loop when parsing CDC headers.

[ Upstream commit 0d3bba0287d4e284c3ec7d3397e81eec920d5e7e ]

Phil and I found out a problem with commit:

  7e860a6e7aa6 ("cdc-acm: add sanity checks")

It added some sanity checks to ignore potential garbage in CDC headers but
also introduced a potential infinite loop.  This can happen at the first
loop iteration (elength = 0 in that case) if the description isn't a
DT_CS_INTERFACE or later if 'buffer[0]' is zero.

It should also be noted that the wrong length was being added to 'buffer'
in case 'buffer[1]' was not a DT_CS_INTERFACE descriptor, since elength was
assigned after that check in the loop.

A specially crafted USB device could be used to trigger this infinite loop.

Fixes: 7e860a6e7aa6 ("cdc-acm: add sanity checks")
Signed-off-by: Phil Turnbull <phil.turnbull@oracle.com>
Signed-off-by: Quentin Casasnovas <quentin.casasnovas@oracle.com>
CC: Sergei Shtylyov <sergei.shtylyov@cogentembedded.com>
CC: Oliver Neukum <oneukum@suse.de>
CC: Adam Lee <adam8157@gmail.com>
CC: <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
9 years agocdc-acm: add sanity checks
Oliver Neukum [Wed, 28 Jan 2015 10:14:55 +0000 (11:14 +0100)]
cdc-acm: add sanity checks

[ Upstream commit 7e860a6e7aa62b337a61110430cd633db5b0d2dd ]

Check the special CDC headers for a plausible minimum length.
Another big operating systems ignores such garbage.

Signed-off-by: Oliver Neukum <oneukum@suse.de>
CC: stable@vger.kernel.org
Reviewed-by: Adam Lee <adam8157@gmail.com>
Tested-by: Adam Lee <adam8157@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
9 years agoALSA: hda - Add mute-LED mode control to Thinkpad
Takashi Iwai [Mon, 27 Apr 2015 08:40:45 +0000 (10:40 +0200)]
ALSA: hda - Add mute-LED mode control to Thinkpad

[ Upstream commit 7290006d8c0900c56d8c58428134f02c35109d17 ]

This patch adds the missing flag to enable "Mute-LED Mode" mixer enum
ctl for Thinkpads that have also the software mute-LED control.

Reported-and-tested-by: Pali Rohár <pali.rohar@gmail.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
9 years agoALSA: emu10k1: Emu10k2 32 bit DMA mode
Peter Zubaj [Tue, 28 Apr 2015 19:57:29 +0000 (21:57 +0200)]
ALSA: emu10k1: Emu10k2 32 bit DMA mode

[ Upstream commit 7241ea558c6715501e777396b5fc312c372e11d9 ]

Looks like audigy emu10k2 (probably emu10k1 - sb live too) support two
modes for DMA. Second mode is useful for 64 bit os with more then 2 GB
of ram (fixes problems with big soundfont loading)

1) 32MB from 2 GB address space using 8192 pages (used now as default)
2) 16MB from 4 GB address space using 4096 pages

Mode is set using HCFG_EXPANDED_MEM flag in HCFG register.
Also format of emu10k2 page table is then different.

Signed-off-by: Peter Zubaj <pzubaj@marticonet.sk>
Tested-by: Takashi Iwai <tiwai@suse.de>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
9 years agoALSA: emu10k1: Fix card shortname string buffer overflow
Takashi Iwai [Mon, 27 Apr 2015 11:00:09 +0000 (13:00 +0200)]
ALSA: emu10k1: Fix card shortname string buffer overflow

[ Upstream commit d02260824e2cad626fb2a9d62e27006d34b6dedc ]

Some models provide too long string for the shortname that has 32bytes
including the terminator, and it results in a non-terminated string
exposed to the user-space.  This isn't too critical, though, as the
string is stopped at the succeeding longname string.

This patch fixes such entries by dropping "SB" prefix (it's enough to
fit within 32 bytes, so far).  Meanwhile, it also changes strcpy()
with strlcpy() to make sure that this kind of problem won't happen in
future, too.

Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
9 years agoALSA: emux: Fix mutex deadlock in OSS emulation
Takashi Iwai [Tue, 28 Apr 2015 15:11:44 +0000 (17:11 +0200)]
ALSA: emux: Fix mutex deadlock in OSS emulation

[ Upstream commit 1c94e65c668f44d2c69ae7e7fc268ab3268fba3e ]

The OSS emulation in synth-emux helper has a potential AB/BA deadlock
at the simultaneous closing and opening:

  close ->
    snd_seq_release() ->
      sne_seq_free_client() ->
        snd_seq_delete_all_ports(): takes client->ports_mutex ->
  port_delete() ->
    snd_emux_unuse(): takes emux->register_mutex

  open ->
    snd_seq_oss_open() ->
      snd_emux_open_seq_oss(): takes emux->register_mutex ->
        snd_seq_event_port_attach() ->
  snd_seq_create_port(): takes client->ports_mutex

This patch addresses the deadlock by reducing the rance taking
emux->register_mutex in snd_emux_open_seq_oss().  The lock is needed
for the refcount handling, so move it locally.  The calls in
emux_seq.c are already with the mutex, thus they are replaced with the
version without mutex lock/unlock.

Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
9 years agoALSA: emux: Fix mutex deadlock at unloading
Takashi Iwai [Mon, 27 Apr 2015 12:50:39 +0000 (14:50 +0200)]
ALSA: emux: Fix mutex deadlock at unloading

[ Upstream commit 07b0e5d49d227e3950cb13a3e8caf248ef2a310e ]

The emux-synth driver has a possible AB/BA mutex deadlock at unloading
the emu10k1 driver:

  snd_emux_free() ->
    snd_emux_detach_seq(): mutex_lock(&emu->register_mutex) ->
      snd_seq_delete_kernel_client() ->
        snd_seq_free_client(): mutex_lock(&register_mutex)

  snd_seq_release() ->
    snd_seq_free_client(): mutex_lock(&register_mutex) ->
      snd_seq_delete_all_ports() ->
        snd_emux_unuse(): mutex_lock(&emu->register_mutex)

Basically snd_emux_detach_seq() doesn't need a protection of
emu->register_mutex as it's already being unregistered.  So, we can
get rid of this for avoiding the deadlock.

Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
9 years agoMIPS: BCM47XX: Fix detecting Microsoft MN-700 & Asus WL500G
Rafał Miłecki [Wed, 1 Apr 2015 14:01:02 +0000 (16:01 +0200)]
MIPS: BCM47XX: Fix detecting Microsoft MN-700 & Asus WL500G

[ Upstream commit 96f7c21363e0e0d19f3471f54a719ed06d708513 ]

Since the day of adding this code it was broken. We were iterating over
a wrong array and checking for wrong NVRAM entry.

Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
Cc: linux-mips@linux-mips.org
Cc: Hauke Mehrtens <hauke@hauke-m.de>
Patchwork: https://patchwork.linux-mips.org/patch/9654/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
9 years agoMIPS: Kconfig: Disable SMP/CPS for 64-bit
Markos Chandras [Tue, 25 Nov 2014 09:15:45 +0000 (09:15 +0000)]
MIPS: Kconfig: Disable SMP/CPS for 64-bit

[ Upstream commit 6ca716f2e5571d25a3899c6c5c91ff72ea6d6f5e ]

A 64-bit build for Malta produces far too many build problems
when SMP/CPS is selected. Moreover, there is currently no 64-bit
product with SMP/CPS so we disable SMP/CPS when building for
64-bit until it is properly supported.

Signed-off-by: Markos Chandras <markos.chandras@imgtec.com>
Cc: Paul Burton <paul.burton@imgtec.com>
Cc: linux-mips@linux-mips.org
Patchwork: https://patchwork.linux-mips.org/patch/8573/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
9 years agoMIPS: smp-cps: cpu_set FPU mask if FPU present
Niklas Cassel [Thu, 15 Jan 2015 15:41:13 +0000 (16:41 +0100)]
MIPS: smp-cps: cpu_set FPU mask if FPU present

[ Upstream commit 90db024f140d0d6ad960cc5f090e3c8ed890ca55 ]

If we have an FPU, enroll ourselves in the FPU-full mask.
Matching the MT_SMP and CMP implementations of smp_setup.

Signed-off-by: Niklas Cassel <niklass@axis.com>
Cc: paul.burton@imgtec.com
Cc: linux-mips@linux-mips.org
Patchwork: https://patchwork.linux-mips.org/patch/8948/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
9 years agoMIPS: ralink: add missing symbol for RALINK_ILL_ACC
John Crispin [Mon, 23 Feb 2015 05:17:33 +0000 (06:17 +0100)]
MIPS: ralink: add missing symbol for RALINK_ILL_ACC

[ Upstream commit a7b7aad383c5dd9221a06e378197350dd27c1163 ]

A driver was added in commit 5433acd81e87 ("MIPS: ralink: add illegal access
driver") without the Kconfig section being added. Fix this by adding the symbol
to the Kconfig file.

Signed-off-by: John Crispin <blogic@openwrt.org>
Reported-by: Paul Bolle <pebolle@tiscali.nl>
Cc: linux-mips@linux-mips.org
Patchwork: https://patchwork.linux-mips.org/patch/9299/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
9 years agoSSB: fix Kconfig dependencies
Adrien Schildknecht [Wed, 25 Mar 2015 15:31:42 +0000 (16:31 +0100)]
SSB: fix Kconfig dependencies

[ Upstream commit 179fa46fb666c8f2aa2bbb1f3114d5d826d59d3d ]

The commit 21400f252a97 ("MIPS: BCM47XX: Make ssb init NVRAM instead of
bcm47xx polling it") introduces a dependency to SSB_SFLASH but did not
add it to the Kconfig.

drivers/ssb/driver_mipscore.c:216:36: error: 'struct ssb_mipscore' has no
member named 'sflash'
  struct ssb_sflash *sflash = &mcore->sflash;
                                    ^
drivers/ssb/driver_mipscore.c:249:12: error: dereferencing pointer to
incomplete type
  if (sflash->present) {
            ^

Signed-off-by: Adrien Schildknecht <adrien+dev@schischi.me>
Cc: m@bues.ch
Cc: zajec5@gmail.com
Cc: linux-mips@linux-mips.org
Cc: linux-kernel@vger.kernel.org
Patchwork: https://patchwork.linux-mips.org/patch/9598/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
9 years agoMIPS: Octeon: Delete override of cpu_has_mips_r2_exec_hazard.
Ralf Baechle [Wed, 25 Mar 2015 12:21:51 +0000 (13:21 +0100)]
MIPS: Octeon: Delete override of cpu_has_mips_r2_exec_hazard.

[ Upstream commit f05ff43355e6997c18f82ddcee370a6e5f8643ce ]

This is no longer needed with the fixed, new and improved definition
of cpu_has_mips_r2_exec_hazard in <asm/cpu-features.h>.

For a discussion, see http://patchwork.linux-mips.org/patch/9539/.

Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
9 years agoMIPS: kernel: entry.S: Set correct ISA level for mips_ihb
Markos Chandras [Tue, 3 Mar 2015 18:48:49 +0000 (18:48 +0000)]
MIPS: kernel: entry.S: Set correct ISA level for mips_ihb

[ Upstream commit aebac99384f7a6d83a3dcd42bf2481eed2670083 ]

Commit 6ebb496ffc7e("MIPS: kernel: entry.S: Add MIPS R6 related
definitions") added the MIPSR6 definition but it did not update the
ISA level of the actual assembly code so a pre-MIPSR6 jr.hb instruction
was generated instead. Fix this by using the MISP_ISA_LEVEL_RAW macro.

Signed-off-by: Markos Chandras <markos.chandras@imgtec.com>
Fixes: 6ebb496ffc7e("MIPS: kernel: entry.S: Add MIPS R6 related definitions")
Cc: linux-mips@linux-mips.org
Patchwork: https://patchwork.linux-mips.org/patch/9386/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
9 years agoMIPS: Netlogic: Fix for SATA PHY init
Ganesan Ramalingam [Wed, 7 Jan 2015 11:28:26 +0000 (16:58 +0530)]
MIPS: Netlogic: Fix for SATA PHY init

[ Upstream commit 872cd4c2c617bb3a203ebe18115fd0c697112b87 ]

Update to the SATA PHY initialization. This is needed for SATA detection
to succeed in all configurations.

Signed-off-by: Ganesan Ramalingam <ganesanr@broadcom.com>
Signed-off-by: Jayachandran C <jchandra@broadcom.com>
Cc: linux-mips@linux-mips.org
Patchwork: https://patchwork.linux-mips.org/patch/8886/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
9 years agoMIPS: OCTEON: fix PCI interrupt mapping for D-Link DSR-1000N
Aaro Koskinen [Sun, 22 Mar 2015 15:55:39 +0000 (17:55 +0200)]
MIPS: OCTEON: fix PCI interrupt mapping for D-Link DSR-1000N

[ Upstream commit b083518c52ab75a345d668ca7fa41e530df08d51 ]

Fix PCI interrupt mapping for DSR1000N. This will get the PCI slot
interrupts working. The mapping is based on D-Link GPL tarball.

Signed-off-by: Aaro Koskinen <aaro.koskinen@iki.fi>
Cc: linux-mips@linux-mips.org
Patchwork: https://patchwork.linux-mips.org/patch/9593/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
9 years agoMIPS: Octeon: Remove udelay() causing huge IRQ latency
Alexander Sverdlin [Wed, 18 Mar 2015 13:05:21 +0000 (14:05 +0100)]
MIPS: Octeon: Remove udelay() causing huge IRQ latency

[ Upstream commit 73bf3c2a500b2db8ac966469591196bf55afb409 ]

udelay() in PCI/PCIe read/write callbacks cause 30ms IRQ latency on Octeon
platforms because these operations are called from PCI_OP_READ() and
PCI_OP_WRITE() under raw_spin_lock_irqsave().

Signed-off-by: Alexander Sverdlin <alexander.sverdlin@nokia.com>
Cc: linux-mips@linux-mips.org
Cc: David Daney <ddaney@cavium.com>
Cc: Rob Herring <robh@kernel.org>
Cc: Jiri Kosina <jkosina@suse.cz>
Cc: Randy Dunlap <rdunlap@infradead.org>
Cc: Masanari Iida <standby24x7@gmail.com>
Cc: Bjorn Helgaas <bhelgaas@google.com>
Cc: Mathias <mathias.rulf@nokia.com>
Patchwork: https://patchwork.linux-mips.org/patch/9576/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
9 years agoclk: at91: usb: fix determine_rate prototype
Boris Brezillon [Sat, 16 May 2015 00:11:36 +0000 (20:11 -0400)]
clk: at91: usb: fix determine_rate prototype

Commit c67881fc890916206e723329e774391c6ed354ce is a backport of
0b67c43ce36a9964f1d5e3f973ee19eefd3f9f8f upstream commit, fixing a
bug on clk rate change propagation.
But in 4.0 ->determine_rate() prototype has changed, thus introducing
a prototype mismatch when applying it on 3.19.

Signed-off-by: Boris Brezillon <boris.brezillon@free-electrons.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
9 years agoMIPS: OCTEON: dma-octeon: fix OHCI USB config check
Aaro Koskinen [Wed, 4 Mar 2015 21:08:49 +0000 (23:08 +0200)]
MIPS: OCTEON: dma-octeon: fix OHCI USB config check

[ Upstream commit a8667d706dfa394ef9fe5f9013dee92d40a096e8 ]

CONFIG_USB_OCTEON_OHCI is deprecated and no longer needed to use OHCI
on OCTEON II. Instead, CONFIG_USB_OHCI_HCD_PLATFORM should be used.

Signed-off-by: Aaro Koskinen <aaro.koskinen@iki.fi>
Cc: Aleksey Makarov <aleksey.makarov@auriga.com>
Cc: David Daney <david.daney@cavium.com>
Cc: linux-mips@linux-mips.org
Patchwork: https://patchwork.linux-mips.org/patch/9421/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
9 years agoMIPS: BCM63xx: Move bcm63xx_gpio_init() to bcm63xx_register_devices().
Nicolas Schichan [Thu, 12 Mar 2015 16:00:58 +0000 (17:00 +0100)]
MIPS: BCM63xx: Move bcm63xx_gpio_init() to bcm63xx_register_devices().

[ Upstream commit 2ec459f2a77b808c1e5a3616c88b613d3f720c8d ]

When called from prom init code, bcm63xx_gpio_init() will fail as it
will call gpiochip_add() which relies on a working kmalloc() to alloc
the gpio_desc array and kmalloc is not useable yet at prom init time.

Move bcm63xx_gpio_init() to bcm63xx_register_devices() (an
arch_initcall) where kmalloc works.

Fixes: 14e85c0e69d5 ("gpio: remove gpio_descs global array")

Signed-off-by: Nicolas Schichan <nschichan@freebox.fr>
Cc: linux-mips@linux-mips.org
Cc: linux-kernel@vger.kernel.org
Cc: Alexandre Courbot <acourbot@nvidia.com>
Patchwork: https://patchwork.linux-mips.org/patch/9530/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
9 years agobpf: fix 64-bit divide
Alexei Starovoitov [Mon, 27 Apr 2015 21:40:37 +0000 (14:40 -0700)]
bpf: fix 64-bit divide

[ Upstream commit 876a7ae65b86d8cec8efe7d15d050ac61116874e ]

ALU64_DIV instruction should be dividing 64-bit by 64-bit,
whereas do_div() does 64-bit by 32-bit divide.
x64 and arm64 JITs correctly implement 64 by 64 unsigned divide.
llvm BPF backend emits code assuming that ALU64_DIV does 64 by 64.

Fixes: 89aa075832b0 ("net: sock: allow eBPF programs to be attached to sockets")
Reported-by: Michael Holzheu <holzheu@linux.vnet.ibm.com>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Alexei Starovoitov <ast@plumgrid.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
9 years agofs: take i_mutex during prepare_binprm for set[ug]id executables
Jann Horn [Sun, 19 Apr 2015 00:48:39 +0000 (02:48 +0200)]
fs: take i_mutex during prepare_binprm for set[ug]id executables

[ Upstream commit 8b01fc86b9f425899f8a3a8fc1c47d73c2c20543 ]

This prevents a race between chown() and execve(), where chowning a
setuid-user binary to root would momentarily make the binary setuid
root.

This patch was mostly written by Linus Torvalds.

Signed-off-by: Jann Horn <jann@thejh.net>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
9 years agortlwifi: rtl8192ee: Fix handling of new style descriptors
Troy Tan [Tue, 3 Feb 2015 17:15:17 +0000 (11:15 -0600)]
rtlwifi: rtl8192ee: Fix handling of new style descriptors

[ Upstream commit d0311314d00298f83aa5450a1d4a92889e7cc2ea ]

The hardware and firmware for the RTL8192EE utilize a FIFO list of
descriptors. There were some problems with the initial implementation.
The worst of these failed to detect that the FIFO was becoming full,
which led to the device needing to be power cycled. As this condition
is not relevant to most of the devices supported by rtlwifi, a callback
routine was added to detect this situation. This patch implements the
necessary changes in the pci handler, and the linkage into the appropriate
rtl8192ee routine.

Signed-off-by: Troy Tan <troy_tan@realsil.com.cn>
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Cc: Stable <stable@vger.kernel.org> [V3.18]
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
9 years agomm/hugetlb: take page table lock in follow_huge_pmd()
Naoya Horiguchi [Wed, 11 Feb 2015 23:25:22 +0000 (15:25 -0800)]
mm/hugetlb: take page table lock in follow_huge_pmd()

[ Upstream commit e66f17ff71772b209eed39de35aaa99ba819c93d ]

We have a race condition between move_pages() and freeing hugepages, where
move_pages() calls follow_page(FOLL_GET) for hugepages internally and
tries to get its refcount without preventing concurrent freeing.  This
race crashes the kernel, so this patch fixes it by moving FOLL_GET code
for hugepages into follow_huge_pmd() with taking the page table lock.

This patch intentionally removes page==NULL check after pte_page.
This is justified because pte_page() never returns NULL for any
architectures or configurations.

This patch changes the behavior of follow_huge_pmd() for tail pages and
then tail pages can be pinned/returned.  So the caller must be changed to
properly handle the returned tail pages.

We could have a choice to add the similar locking to
follow_huge_(addr|pud) for consistency, but it's not necessary because
currently these functions don't support FOLL_GET flag, so let's leave it
for future development.

Here is the reproducer:

  $ cat movepages.c
  #include <stdio.h>
  #include <stdlib.h>
  #include <numaif.h>

  #define ADDR_INPUT      0x700000000000UL
  #define HPS             0x200000
  #define PS              0x1000

  int main(int argc, char *argv[]) {
          int i;
          int nr_hp = strtol(argv[1], NULL, 0);
          int nr_p  = nr_hp * HPS / PS;
          int ret;
          void **addrs;
          int *status;
          int *nodes;
          pid_t pid;

          pid = strtol(argv[2], NULL, 0);
          addrs  = malloc(sizeof(char *) * nr_p + 1);
          status = malloc(sizeof(char *) * nr_p + 1);
          nodes  = malloc(sizeof(char *) * nr_p + 1);

          while (1) {
                  for (i = 0; i < nr_p; i++) {
                          addrs[i] = (void *)ADDR_INPUT + i * PS;
                          nodes[i] = 1;
                          status[i] = 0;
                  }
                  ret = numa_move_pages(pid, nr_p, addrs, nodes, status,
                                        MPOL_MF_MOVE_ALL);
                  if (ret == -1)
                          err("move_pages");

                  for (i = 0; i < nr_p; i++) {
                          addrs[i] = (void *)ADDR_INPUT + i * PS;
                          nodes[i] = 0;
                          status[i] = 0;
                  }
                  ret = numa_move_pages(pid, nr_p, addrs, nodes, status,
                                        MPOL_MF_MOVE_ALL);
                  if (ret == -1)
                          err("move_pages");
          }
          return 0;
  }

  $ cat hugepage.c
  #include <stdio.h>
  #include <sys/mman.h>
  #include <string.h>

  #define ADDR_INPUT      0x700000000000UL
  #define HPS             0x200000

  int main(int argc, char *argv[]) {
          int nr_hp = strtol(argv[1], NULL, 0);
          char *p;

          while (1) {
                  p = mmap((void *)ADDR_INPUT, nr_hp * HPS, PROT_READ | PROT_WRITE,
                           MAP_PRIVATE | MAP_ANONYMOUS | MAP_HUGETLB, -1, 0);
                  if (p != (void *)ADDR_INPUT) {
                          perror("mmap");
                          break;
                  }
                  memset(p, 0, nr_hp * HPS);
                  munmap(p, nr_hp * HPS);
          }
  }

  $ sysctl vm.nr_hugepages=40
  $ ./hugepage 10 &
  $ ./movepages 10 $(pgrep -f hugepage)

Fixes: e632a938d914 ("mm: migrate: add hugepage migration code to move_pages()")
Signed-off-by: Naoya Horiguchi <n-horiguchi@ah.jp.nec.com>
Reported-by: Hugh Dickins <hughd@google.com>
Cc: James Hogan <james.hogan@imgtec.com>
Cc: David Rientjes <rientjes@google.com>
Cc: Mel Gorman <mel@csn.ul.ie>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Cc: Michal Hocko <mhocko@suse.cz>
Cc: Rik van Riel <riel@redhat.com>
Cc: Andrea Arcangeli <aarcange@redhat.com>
Cc: Luiz Capitulino <lcapitulino@redhat.com>
Cc: Nishanth Aravamudan <nacc@linux.vnet.ibm.com>
Cc: Lee Schermerhorn <lee.schermerhorn@hp.com>
Cc: Steve Capper <steve.capper@linaro.org>
Cc: <stable@vger.kernel.org> [3.12+]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
9 years agomm/hugetlb: use pmd_page() in follow_huge_pmd()
Naoya Horiguchi [Wed, 11 Feb 2015 23:25:15 +0000 (15:25 -0800)]
mm/hugetlb: use pmd_page() in follow_huge_pmd()

[ Upstream commit 97534127012f0e396eddea4691f4c9b170aed74b ]

Commit 61f77eda9bbf ("mm/hugetlb: reduce arch dependent code around
follow_huge_*") broke follow_huge_pmd() on s390, where pmd and pte
layout differ and using pte_page() on a huge pmd will return wrong
results.  Using pmd_page() instead fixes this.

All architectures that were touched by that commit have pmd_page()
defined, so this should not break anything on other architectures.

Fixes: 61f77eda "mm/hugetlb: reduce arch dependent code around follow_huge_*"
Signed-off-by: Gerald Schaefer <gerald.schaefer@de.ibm.com>
Acked-by: Naoya Horiguchi <n-horiguchi@ah.jp.nec.com>
Cc: Hugh Dickins <hughd@google.com>
Cc: Michal Hocko <mhocko@suse.cz>, Andrea Arcangeli <aarcange@redhat.com>
Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
Acked-by: David Rientjes <rientjes@google.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
9 years agostaging: comedi: adv_pci1710: fix AI INSN_READ for non-zero channel
Ian Abbott [Fri, 27 Feb 2015 16:04:42 +0000 (16:04 +0000)]
staging: comedi: adv_pci1710: fix AI INSN_READ for non-zero channel

[ Upstream commit abe46b8932dd9a6dfc3698e3eb121809b7b9ed28 ]

Reading of analog input channels by the `INSN_READ` comedi instruction
is broken for all except channel 0.  `pci171x_ai_insn_read()` calls
`pci171x_ai_read_sample()` with the wrong value for the third parameter.
It is supposed to be the current index in a channel list (which is
always of length 1 in this case, so the index should be 0), but instead
it is passing the actual channel number.  `pci171x_ai_read_sample()`
checks the channel number encoded in the raw sample value read from the
hardware matches the channel number stored in the specified index of the
previously set up channel list and returns `-ENODATA` if it doesn't
match.  Since the index should always be 0 in this case, the match will
fail unless the channel number is also 0.  Fix it by passing 0 as the
channel index.

Note that when the bug first appeared, it was `pci171x_ai_dropout()`
that was called with the wrong parameter value.  `pci171x_ai_dropout()`
got replaced with `pci171x_ai_read_sample()` in commit 7fd2dae2500d
("staging: comedi: adv_pci1710: introduce pci171x_ai_read_sample()").

Fixes: 16c7eb6047bb ("staging: comedi: adv_pci1710: always enable PCI171x_PARANOIDCHECK code")
Signed-off-by: Ian Abbott <abbotti@mev.co.uk>
Cc: stable <stable@vger.kernel.org> # 3.16+
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
9 years agoKVM: nVMX: mask unrestricted_guest if disabled on L0
Radim Krčmář [Tue, 17 Mar 2015 13:02:32 +0000 (14:02 +0100)]
KVM: nVMX: mask unrestricted_guest if disabled on L0

[ Upstream commit 0790ec172de1bd2e23f1dbd4925426b6cc3c1b72 ]

If EPT was enabled, unrestricted_guest was allowed in L1 regardless of
L0.  L1 triple faulted when running L2 guest that required emulation.

Another side effect was 'WARN_ON_ONCE(vmx->nested.nested_run_pending)'
in L0's dmesg:
  WARNING: CPU: 0 PID: 0 at arch/x86/kvm/vmx.c:9190 nested_vmx_vmexit+0x96e/0xb00 [kvm_intel] ()

Prevent this scenario by masking SECONDARY_EXEC_UNRESTRICTED_GUEST when
the host doesn't have it enabled.

Fixes: 78051e3b7e35 ("KVM: nVMX: Disable unrestricted mode if ept=0")
Cc: stable@vger.kernel.org
Tested-By: Kashyap Chamarthy <kchamart@redhat.com>
Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
9 years agonetfilter: bridge: really save frag_max_size between PRE and POST_ROUTING
Florian Westphal [Wed, 1 Apr 2015 20:36:27 +0000 (22:36 +0200)]
netfilter: bridge: really save frag_max_size between PRE and POST_ROUTING

[ Upstream commit 0b67c43ce36a9964f1d5e3f973ee19eefd3f9f8f ]

We also need to save/store in forward, else br_parse_ip_options call
will zero frag_max_size as well.

Fixes: 93fdd47e5 ('bridge: Save frag_max_size between PRE_ROUTING and POST_ROUTING')
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>