Dan Carpenter [Fri, 20 Apr 2012 13:35:24 +0000 (16:35 +0300)]
Yama: remove an unused variable
GCC complains that we don't use "one" any more after
389da25f93 "Yama:
add additional ptrace scopes".
security/yama/yama_lsm.c:322:12: warning: ?one? defined but not used
[-Wunused-variable]
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Kees Cook <keescook@chromium.org>
Signed-off-by: James Morris <james.l.morris@oracle.com>
Will Drewry [Thu, 19 Apr 2012 00:50:25 +0000 (19:50 -0500)]
samples/seccomp: fix dependencies on arch macros
This change fixes the compilation error triggered here for
i386 allmodconfig in linux-next:
http://kisskb.ellerman.id.au/kisskb/buildresult/
6123842/
Logic attempting to predict the host architecture has been
removed from the Makefile. Instead, the bpf-direct sample
should now compile on any architecture, but if the architecture
is not supported, it will compile a minimal main() function.
This change also ensures the samples are not compiled when
there is no seccomp filter support.
(Note, I wasn't able to reproduce the error locally, but
the existing approach was clearly flawed. This tweak
should resolve your issue and avoid other future weirdness.)
Reported-by: Paul Gortmaker <paul.gortmaker@windriver.com>
Suggested-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Will Drewry <wad@chromium.org>
Signed-off-by: James Morris <james.l.morris@oracle.com>
Kees Cook [Mon, 16 Apr 2012 18:56:45 +0000 (11:56 -0700)]
Yama: add additional ptrace scopes
This expands the available Yama ptrace restrictions to include two more
modes. Mode 2 requires CAP_SYS_PTRACE for PTRACE_ATTACH, and mode 3
completely disables PTRACE_ATTACH (and locks the sysctl).
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: James Morris <james.l.morris@oracle.com>
Will Drewry [Tue, 17 Apr 2012 19:48:58 +0000 (14:48 -0500)]
seccomp: fix build warnings when there is no CONFIG_SECCOMP_FILTER
If both audit and seccomp filter support are disabled, 'ret' is marked
as unused.
If just seccomp filter support is disabled, data and skip are considered
unused.
This change fixes those build warnings.
Reported-by: Stephen Rothwell <sfr@canb.auug.org.au>
Signed-off-by: Will Drewry <wad@chromium.org>
Acked-by: Kees Cook <keescook@chromium.org>
Signed-off-by: James Morris <james.l.morris@oracle.com>
Will Drewry [Tue, 17 Apr 2012 19:48:57 +0000 (14:48 -0500)]
seccomp: ignore secure_computing return values
This change is inspired by
https://lkml.org/lkml/2012/4/16/14
which fixes the build warnings for arches that don't support
CONFIG_HAVE_ARCH_SECCOMP_FILTER.
In particular, there is no requirement for the return value of
secure_computing() to be checked unless the architecture supports
seccomp filter. Instead of silencing the warnings with (void)
a new static inline is added to encode the expected behavior
in a compiler and human friendly way.
v2: - cleans things up with a static inline
- removes sfr's signed-off-by since it is a different approach
v1: - matches sfr's original change
Reported-by: Stephen Rothwell <sfr@canb.auug.org.au>
Signed-off-by: Will Drewry <wad@chromium.org>
Acked-by: Kees Cook <keescook@chromium.org>
Signed-off-by: James Morris <james.l.morris@oracle.com>
Stephen Rothwell [Tue, 17 Apr 2012 02:08:48 +0000 (12:08 +1000)]
seccomp: use a static inline for a function stub
Fixes this error message when CONFIG_SECCOMP is not set:
arch/powerpc/kernel/ptrace.c: In function 'do_syscall_trace_enter':
arch/powerpc/kernel/ptrace.c:1713:2: error: statement with no effect [-Werror=unused-value]
Signed-off-by: Stephen Rothwell <sfr@ozlabs.au.ibm.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
Will Drewry [Thu, 12 Apr 2012 21:48:04 +0000 (16:48 -0500)]
Documentation: prctl/seccomp_filter
Documents how system call filtering using Berkeley Packet
Filter programs works and how it may be used.
Includes an example for x86 and a semi-generic
example using a macro-based code generator.
Acked-by: Eric Paris <eparis@redhat.com>
Signed-off-by: Will Drewry <wad@chromium.org>
Acked-by: Kees Cook <keescook@chromium.org>
v18: - added acked by
- update no new privs numbers
v17: - remove @compat note and add Pitfalls section for arch checking
(keescook@chromium.org)
v16: -
v15: -
v14: - rebase/nochanges
v13: - rebase on to
88ebdda6159ffc15699f204c33feb3e431bf9bdc
v12: - comment on the ptrace_event use
- update arch support comment
- note the behavior of SECCOMP_RET_DATA when there are multiple filters
(keescook@chromium.org)
- lots of samples/ clean up incl 64-bit bpf-direct support
(markus@chromium.org)
- rebase to linux-next
v11: - overhaul return value language, updates (keescook@chromium.org)
- comment on do_exit(SIGSYS)
v10: - update for SIGSYS
- update for new seccomp_data layout
- update for ptrace option use
v9: - updated bpf-direct.c for SIGILL
v8: - add PR_SET_NO_NEW_PRIVS to the samples.
v7: - updated for all the new stuff in v7: TRAP, TRACE
- only talk about PR_SET_SECCOMP now
- fixed bad JLE32 check (coreyb@linux.vnet.ibm.com)
- adds dropper.c: a simple system call disabler
v6: - tweak the language to note the requirement of
PR_SET_NO_NEW_PRIVS being called prior to use. (luto@mit.edu)
v5: - update sample to use system call arguments
- adds a "fancy" example using a macro-based generator
- cleaned up bpf in the sample
- update docs to mention arguments
- fix prctl value (eparis@redhat.com)
- language cleanup (rdunlap@xenotime.net)
v4: - update for no_new_privs use
- minor tweaks
v3: - call out BPF <-> Berkeley Packet Filter (rdunlap@xenotime.net)
- document use of tentative always-unprivileged
- guard sample compilation for i386 and x86_64
v2: - move code to samples (corbet@lwn.net)
Signed-off-by: James Morris <james.l.morris@oracle.com>
Will Drewry [Thu, 12 Apr 2012 21:48:03 +0000 (16:48 -0500)]
x86: Enable HAVE_ARCH_SECCOMP_FILTER
Enable support for seccomp filter on x86:
- syscall_get_arch()
- syscall_get_arguments()
- syscall_rollback()
- syscall_set_return_value()
- SIGSYS siginfo_t support
- secure_computing is called from a ptrace_event()-safe context
- secure_computing return value is checked (see below).
SECCOMP_RET_TRACE and SECCOMP_RET_TRAP may result in seccomp needing to
skip a system call without killing the process. This is done by
returning a non-zero (-1) value from secure_computing. This change
makes x86 respect that return value.
To ensure that minimal kernel code is exposed, a non-zero return value
results in an immediate return to user space (with an invalid syscall
number).
Signed-off-by: Will Drewry <wad@chromium.org>
Reviewed-by: H. Peter Anvin <hpa@zytor.com>
Acked-by: Eric Paris <eparis@redhat.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
v18: rebase and tweaked change description, acked-by
v17: added reviewed by and rebased
v..: all rebases since original introduction.
Signed-off-by: James Morris <james.l.morris@oracle.com>
Will Drewry [Thu, 12 Apr 2012 21:48:02 +0000 (16:48 -0500)]
ptrace,seccomp: Add PTRACE_SECCOMP support
This change adds support for a new ptrace option, PTRACE_O_TRACESECCOMP,
and a new return value for seccomp BPF programs, SECCOMP_RET_TRACE.
When a tracer specifies the PTRACE_O_TRACESECCOMP ptrace option, the
tracer will be notified, via PTRACE_EVENT_SECCOMP, for any syscall that
results in a BPF program returning SECCOMP_RET_TRACE. The 16-bit
SECCOMP_RET_DATA mask of the BPF program return value will be passed as
the ptrace_message and may be retrieved using PTRACE_GETEVENTMSG.
If the subordinate process is not using seccomp filter, then no
system call notifications will occur even if the option is specified.
If there is no tracer with PTRACE_O_TRACESECCOMP when SECCOMP_RET_TRACE
is returned, the system call will not be executed and an -ENOSYS errno
will be returned to userspace.
This change adds a dependency on the system call slow path. Any future
efforts to use the system call fast path for seccomp filter will need to
address this restriction.
Signed-off-by: Will Drewry <wad@chromium.org>
Acked-by: Eric Paris <eparis@redhat.com>
v18: - rebase
- comment fatal_signal check
- acked-by
- drop secure_computing_int comment
v17: - ...
v16: - update PT_TRACE_MASK to 0xbf4 so that STOP isn't clear on SETOPTIONS call (indan@nul.nu)
[note PT_TRACE_MASK disappears in linux-next]
v15: - add audit support for non-zero return codes
- clean up style (indan@nul.nu)
v14: - rebase/nochanges
v13: - rebase on to
88ebdda6159ffc15699f204c33feb3e431bf9bdc
(Brings back a change to ptrace.c and the masks.)
v12: - rebase to linux-next
- use ptrace_event and update arch/Kconfig to mention slow-path dependency
- drop all tracehook changes and inclusion (oleg@redhat.com)
v11: - invert the logic to just make it a PTRACE_SYSCALL accelerator
(indan@nul.nu)
v10: - moved to PTRACE_O_SECCOMP / PT_TRACE_SECCOMP
v9: - n/a
v8: - guarded PTRACE_SECCOMP use with an ifdef
v7: - introduced
Signed-off-by: James Morris <james.l.morris@oracle.com>
Will Drewry [Thu, 12 Apr 2012 21:48:01 +0000 (16:48 -0500)]
seccomp: Add SECCOMP_RET_TRAP
Adds a new return value to seccomp filters that triggers a SIGSYS to be
delivered with the new SYS_SECCOMP si_code.
This allows in-process system call emulation, including just specifying
an errno or cleanly dumping core, rather than just dying.
Suggested-by: Markus Gutschke <markus@chromium.org>
Suggested-by: Julien Tinnes <jln@chromium.org>
Signed-off-by: Will Drewry <wad@chromium.org>
Acked-by: Eric Paris <eparis@redhat.com>
v18: - acked-by, rebase
- don't mention secure_computing_int() anymore
v15: - use audit_seccomp/skip
- pad out error spacing; clean up switch (indan@nul.nu)
v14: - n/a
v13: - rebase on to
88ebdda6159ffc15699f204c33feb3e431bf9bdc
v12: - rebase on to linux-next
v11: - clarify the comment (indan@nul.nu)
- s/sigtrap/sigsys
v10: - use SIGSYS, syscall_get_arch, updates arch/Kconfig
note suggested-by (though original suggestion had other behaviors)
v9: - changes to SIGILL
v8: - clean up based on changes to dependent patches
v7: - introduction
Signed-off-by: James Morris <james.l.morris@oracle.com>
Will Drewry [Thu, 12 Apr 2012 21:48:00 +0000 (16:48 -0500)]
signal, x86: add SIGSYS info and make it synchronous.
This change enables SIGSYS, defines _sigfields._sigsys, and adds
x86 (compat) arch support. _sigsys defines fields which allow
a signal handler to receive the triggering system call number,
the relevant AUDIT_ARCH_* value for that number, and the address
of the callsite.
SIGSYS is added to the SYNCHRONOUS_MASK because it is desirable for it
to have setup_frame() called for it. The goal is to ensure that
ucontext_t reflects the machine state from the time-of-syscall and not
from another signal handler.
The first consumer of SIGSYS would be seccomp filter. In particular,
a filter program could specify a new return value, SECCOMP_RET_TRAP,
which would result in the system call being denied and the calling
thread signaled. This also means that implementing arch-specific
support can be dependent upon HAVE_ARCH_SECCOMP_FILTER.
Suggested-by: H. Peter Anvin <hpa@zytor.com>
Signed-off-by: Will Drewry <wad@chromium.org>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Reviewed-by: H. Peter Anvin <hpa@zytor.com>
Acked-by: Eric Paris <eparis@redhat.com>
v18: - added acked by, rebase
v17: - rebase and reviewed-by addition
v14: - rebase/nochanges
v13: - rebase on to
88ebdda6159ffc15699f204c33feb3e431bf9bdc
v12: - reworded changelog (oleg@redhat.com)
v11: - fix dropped words in the change description
- added fallback copy_siginfo support.
- added __ARCH_SIGSYS define to allow stepped arch support.
v10: - first version based on suggestion
Signed-off-by: James Morris <james.l.morris@oracle.com>
Will Drewry [Thu, 12 Apr 2012 21:47:59 +0000 (16:47 -0500)]
seccomp: add SECCOMP_RET_ERRNO
This change adds the SECCOMP_RET_ERRNO as a valid return value from a
seccomp filter. Additionally, it makes the first use of the lower
16-bits for storing a filter-supplied errno. 16-bits is more than
enough for the errno-base.h calls.
Returning errors instead of immediately terminating processes that
violate seccomp policy allow for broader use of this functionality
for kernel attack surface reduction. For example, a linux container
could maintain a whitelist of pre-existing system calls but drop
all new ones with errnos. This would keep a logically static attack
surface while providing errnos that may allow for graceful failure
without the downside of do_exit() on a bad call.
This change also changes the signature of __secure_computing. It
appears the only direct caller is the arm entry code and it clobbers
any possible return value (register) immediately.
Signed-off-by: Will Drewry <wad@chromium.org>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Acked-by: Eric Paris <eparis@redhat.com>
v18: - fix up comments and rebase
- fix bad var name which was fixed in later revs
- remove _int() and just change the __secure_computing signature
v16-v17: ...
v15: - use audit_seccomp and add a skip label. (eparis@redhat.com)
- clean up and pad out return codes (indan@nul.nu)
v14: - no change/rebase
v13: - rebase on to
88ebdda6159ffc15699f204c33feb3e431bf9bdc
v12: - move to WARN_ON if filter is NULL
(oleg@redhat.com, luto@mit.edu, keescook@chromium.org)
- return immediately for filter==NULL (keescook@chromium.org)
- change evaluation to only compare the ACTION so that layered
errnos don't result in the lowest one being returned.
(keeschook@chromium.org)
v11: - check for NULL filter (keescook@chromium.org)
v10: - change loaders to fn
v9: - n/a
v8: - update Kconfig to note new need for syscall_set_return_value.
- reordered such that TRAP behavior follows on later.
- made the for loop a little less indent-y
v7: - introduced
Signed-off-by: James Morris <james.l.morris@oracle.com>
Kees Cook [Thu, 12 Apr 2012 21:47:58 +0000 (16:47 -0500)]
seccomp: remove duplicated failure logging
This consolidates the seccomp filter error logging path and adds more
details to the audit log.
Signed-off-by: Will Drewry <wad@chromium.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
Acked-by: Eric Paris <eparis@redhat.com>
v18: make compat= permanent in the record
v15: added a return code to the audit_seccomp path by wad@chromium.org
(suggested by eparis@redhat.com)
v*: original by keescook@chromium.org
Signed-off-by: James Morris <james.l.morris@oracle.com>
Will Drewry [Thu, 12 Apr 2012 21:47:57 +0000 (16:47 -0500)]
seccomp: add system call filtering using BPF
[This patch depends on luto@mit.edu's no_new_privs patch:
https://lkml.org/lkml/2012/1/30/264
The whole series including Andrew's patches can be found here:
https://github.com/redpig/linux/tree/seccomp
Complete diff here:
https://github.com/redpig/linux/compare/
1dc65fed...seccomp
]
This patch adds support for seccomp mode 2. Mode 2 introduces the
ability for unprivileged processes to install system call filtering
policy expressed in terms of a Berkeley Packet Filter (BPF) program.
This program will be evaluated in the kernel for each system call
the task makes and computes a result based on data in the format
of struct seccomp_data.
A filter program may be installed by calling:
struct sock_fprog fprog = { ... };
...
prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &fprog);
The return value of the filter program determines if the system call is
allowed to proceed or denied. If the first filter program installed
allows prctl(2) calls, then the above call may be made repeatedly
by a task to further reduce its access to the kernel. All attached
programs must be evaluated before a system call will be allowed to
proceed.
Filter programs will be inherited across fork/clone and execve.
However, if the task attaching the filter is unprivileged
(!CAP_SYS_ADMIN) the no_new_privs bit will be set on the task. This
ensures that unprivileged tasks cannot attach filters that affect
privileged tasks (e.g., setuid binary).
There are a number of benefits to this approach. A few of which are
as follows:
- BPF has been exposed to userland for a long time
- BPF optimization (and JIT'ing) are well understood
- Userland already knows its ABI: system call numbers and desired
arguments
- No time-of-check-time-of-use vulnerable data accesses are possible.
- system call arguments are loaded on access only to minimize copying
required for system call policy decisions.
Mode 2 support is restricted to architectures that enable
HAVE_ARCH_SECCOMP_FILTER. In this patch, the primary dependency is on
syscall_get_arguments(). The full desired scope of this feature will
add a few minor additional requirements expressed later in this series.
Based on discussion, SECCOMP_RET_ERRNO and SECCOMP_RET_TRACE seem to be
the desired additional functionality.
No architectures are enabled in this patch.
Signed-off-by: Will Drewry <wad@chromium.org>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Reviewed-by: Indan Zupancic <indan@nul.nu>
Acked-by: Eric Paris <eparis@redhat.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
v18: - rebase to v3.4-rc2
- s/chk/check/ (akpm@linux-foundation.org,jmorris@namei.org)
- allocate with GFP_KERNEL|__GFP_NOWARN (indan@nul.nu)
- add a comment for get_u32 regarding endianness (akpm@)
- fix other typos, style mistakes (akpm@)
- added acked-by
v17: - properly guard seccomp filter needed headers (leann@ubuntu.com)
- tighten return mask to 0x7fff0000
v16: - no change
v15: - add a 4 instr penalty when counting a path to account for seccomp_filter
size (indan@nul.nu)
- drop the max insns to 256KB (indan@nul.nu)
- return ENOMEM if the max insns limit has been hit (indan@nul.nu)
- move IP checks after args (indan@nul.nu)
- drop !user_filter check (indan@nul.nu)
- only allow explicit bpf codes (indan@nul.nu)
- exit_code -> exit_sig
v14: - put/get_seccomp_filter takes struct task_struct
(indan@nul.nu,keescook@chromium.org)
- adds seccomp_chk_filter and drops general bpf_run/chk_filter user
- add seccomp_bpf_load for use by net/core/filter.c
- lower max per-process/per-hierarchy: 1MB
- moved nnp/capability check prior to allocation
(all of the above: indan@nul.nu)
v13: - rebase on to
88ebdda6159ffc15699f204c33feb3e431bf9bdc
v12: - added a maximum instruction count per path (indan@nul.nu,oleg@redhat.com)
- removed copy_seccomp (keescook@chromium.org,indan@nul.nu)
- reworded the prctl_set_seccomp comment (indan@nul.nu)
v11: - reorder struct seccomp_data to allow future args expansion (hpa@zytor.com)
- style clean up, @compat dropped, compat_sock_fprog32 (indan@nul.nu)
- do_exit(SIGSYS) (keescook@chromium.org, luto@mit.edu)
- pare down Kconfig doc reference.
- extra comment clean up
v10: - seccomp_data has changed again to be more aesthetically pleasing
(hpa@zytor.com)
- calling convention is noted in a new u32 field using syscall_get_arch.
This allows for cross-calling convention tasks to use seccomp filters.
(hpa@zytor.com)
- lots of clean up (thanks, Indan!)
v9: - n/a
v8: - use bpf_chk_filter, bpf_run_filter. update load_fns
- Lots of fixes courtesy of indan@nul.nu:
-- fix up load behavior, compat fixups, and merge alloc code,
-- renamed pc and dropped __packed, use bool compat.
-- Added a hidden CONFIG_SECCOMP_FILTER to synthesize non-arch
dependencies
v7: (massive overhaul thanks to Indan, others)
- added CONFIG_HAVE_ARCH_SECCOMP_FILTER
- merged into seccomp.c
- minimal seccomp_filter.h
- no config option (part of seccomp)
- no new prctl
- doesn't break seccomp on systems without asm/syscall.h
(works but arg access always fails)
- dropped seccomp_init_task, extra free functions, ...
- dropped the no-asm/syscall.h code paths
- merges with network sk_run_filter and sk_chk_filter
v6: - fix memory leak on attach compat check failure
- require no_new_privs || CAP_SYS_ADMIN prior to filter
installation. (luto@mit.edu)
- s/seccomp_struct_/seccomp_/ for macros/functions (amwang@redhat.com)
- cleaned up Kconfig (amwang@redhat.com)
- on block, note if the call was compat (so the # means something)
v5: - uses syscall_get_arguments
(indan@nul.nu,oleg@redhat.com, mcgrathr@chromium.org)
- uses union-based arg storage with hi/lo struct to
handle endianness. Compromises between the two alternate
proposals to minimize extra arg shuffling and account for
endianness assuming userspace uses offsetof().
(mcgrathr@chromium.org, indan@nul.nu)
- update Kconfig description
- add include/seccomp_filter.h and add its installation
- (naive) on-demand syscall argument loading
- drop seccomp_t (eparis@redhat.com)
v4: - adjusted prctl to make room for PR_[SG]ET_NO_NEW_PRIVS
- now uses current->no_new_privs
(luto@mit.edu,torvalds@linux-foundation.com)
- assign names to seccomp modes (rdunlap@xenotime.net)
- fix style issues (rdunlap@xenotime.net)
- reworded Kconfig entry (rdunlap@xenotime.net)
v3: - macros to inline (oleg@redhat.com)
- init_task behavior fixed (oleg@redhat.com)
- drop creator entry and extra NULL check (oleg@redhat.com)
- alloc returns -EINVAL on bad sizing (serge.hallyn@canonical.com)
- adds tentative use of "always_unprivileged" as per
torvalds@linux-foundation.org and luto@mit.edu
v2: - (patch 2 only)
Signed-off-by: James Morris <james.l.morris@oracle.com>
Will Drewry [Thu, 12 Apr 2012 21:47:56 +0000 (16:47 -0500)]
arch/x86: add syscall_get_arch to syscall.h
Add syscall_get_arch() to export the current AUDIT_ARCH_* based on system call
entry path.
Signed-off-by: Will Drewry <wad@chromium.org>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Reviewed-by: H. Peter Anvin <hpa@zytor.com>
Acked-by: Eric Paris <eparis@redhat.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
v18: - update comment about x32 tasks
- rebase to v3.4-rc2
v17: rebase and reviewed-by
v14: rebase/nochanges
v13: rebase on to
88ebdda6159ffc15699f204c33feb3e431bf9bdc
Signed-off-by: James Morris <james.l.morris@oracle.com>
Will Drewry [Thu, 12 Apr 2012 21:47:55 +0000 (16:47 -0500)]
asm/syscall.h: add syscall_get_arch
Adds a stub for a function that will return the AUDIT_ARCH_* value
appropriate to the supplied task based on the system call convention.
For audit's use, the value can generally be hard-coded at the
audit-site. However, for other functionality not inlined into syscall
entry/exit, this makes that information available. seccomp_filter is
the first planned consumer and, as such, the comment indicates a tie to
CONFIG_HAVE_ARCH_SECCOMP_FILTER.
Suggested-by: Roland McGrath <mcgrathr@chromium.org>
Signed-off-by: Will Drewry <wad@chromium.org>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Acked-by: Eric Paris <eparis@redhat.com>
v18: comment and change reword and rebase.
v14: rebase/nochanges
v13: rebase on to
88ebdda6159ffc15699f204c33feb3e431bf9bdc
v12: rebase on to linux-next
v11: fixed improper return type
v10: introduced
Signed-off-by: James Morris <james.l.morris@oracle.com>
Will Drewry [Thu, 12 Apr 2012 21:47:54 +0000 (16:47 -0500)]
seccomp: kill the seccomp_t typedef
Replaces the seccomp_t typedef with struct seccomp to match modern
kernel style.
Signed-off-by: Will Drewry <wad@chromium.org>
Reviewed-by: James Morris <jmorris@namei.org>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Acked-by: Eric Paris <eparis@redhat.com>
v18: rebase
...
v14: rebase/nochanges
v13: rebase on to
88ebdda6159ffc15699f204c33feb3e431bf9bdc
v12: rebase on to linux-next
v8-v11: no changes
v7: struct seccomp_struct -> struct seccomp
v6: original inclusion in this series.
Signed-off-by: James Morris <james.l.morris@oracle.com>
Will Drewry [Thu, 12 Apr 2012 21:47:53 +0000 (16:47 -0500)]
net/compat.c,linux/filter.h: share compat_sock_fprog
Any other users of bpf_*_filter that take a struct sock_fprog from
userspace will need to be able to also accept a compat_sock_fprog
if the arch supports compat calls. This change allows the existing
compat_sock_fprog be shared.
Signed-off-by: Will Drewry <wad@chromium.org>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Acked-by: Eric Dumazet <eric.dumazet@gmail.com>
Acked-by: Eric Paris <eparis@redhat.com>
v18: tasered by the apostrophe police
v14: rebase/nochanges
v13: rebase on to
88ebdda6159ffc15699f204c33feb3e431bf9bdc
v12: rebase on to linux-next
v11: introduction
Signed-off-by: James Morris <james.l.morris@oracle.com>
Will Drewry [Thu, 12 Apr 2012 21:47:52 +0000 (16:47 -0500)]
sk_run_filter: add BPF_S_ANC_SECCOMP_LD_W
Introduces a new BPF ancillary instruction that all LD calls will be
mapped through when skb_run_filter() is being used for seccomp BPF. The
rewriting will be done using a secondary chk_filter function that is run
after skb_chk_filter.
The code change is guarded by CONFIG_SECCOMP_FILTER which is added,
along with the seccomp_bpf_load() function later in this series.
This is based on http://lkml.org/lkml/2012/3/2/141
Suggested-by: Indan Zupancic <indan@nul.nu>
Signed-off-by: Will Drewry <wad@chromium.org>
Acked-by: Eric Dumazet <eric.dumazet@gmail.com>
Acked-by: Eric Paris <eparis@redhat.com>
v18: rebase
...
v15: include seccomp.h explicitly for when seccomp_bpf_load exists.
v14: First cut using a single additional instruction
... v13: made bpf functions generic.
Signed-off-by: James Morris <james.l.morris@oracle.com>
John Johansen [Thu, 12 Apr 2012 21:47:51 +0000 (16:47 -0500)]
Fix execve behavior apparmor for PR_{GET,SET}_NO_NEW_PRIVS
Add support for AppArmor to explicitly fail requested domain transitions
if NO_NEW_PRIVS is set and the task is not unconfined.
Transitions from unconfined are still allowed because this always results
in a reduction of privileges.
Acked-by: Eric Paris <eparis@redhat.com>
Signed-off-by: Will Drewry <wad@chromium.org>
Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Andy Lutomirski <luto@amacapital.net>
v18: new acked-by, new description
Signed-off-by: James Morris <james.l.morris@oracle.com>
Andy Lutomirski [Thu, 12 Apr 2012 21:47:50 +0000 (16:47 -0500)]
Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs
With this change, calling
prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)
disables privilege granting operations at execve-time. For example, a
process will not be able to execute a setuid binary to change their uid
or gid if this bit is set. The same is true for file capabilities.
Additionally, LSM_UNSAFE_NO_NEW_PRIVS is defined to ensure that
LSMs respect the requested behavior.
To determine if the NO_NEW_PRIVS bit is set, a task may call
prctl(PR_GET_NO_NEW_PRIVS, 0, 0, 0, 0);
It returns 1 if set and 0 if it is not set. If any of the arguments are
non-zero, it will return -1 and set errno to -EINVAL.
(PR_SET_NO_NEW_PRIVS behaves similarly.)
This functionality is desired for the proposed seccomp filter patch
series. By using PR_SET_NO_NEW_PRIVS, it allows a task to modify the
system call behavior for itself and its child tasks without being
able to impact the behavior of a more privileged task.
Another potential use is making certain privileged operations
unprivileged. For example, chroot may be considered "safe" if it cannot
affect privileged tasks.
Note, this patch causes execve to fail when PR_SET_NO_NEW_PRIVS is
set and AppArmor is in use. It is fixed in a subsequent patch.
Signed-off-by: Andy Lutomirski <luto@amacapital.net>
Signed-off-by: Will Drewry <wad@chromium.org>
Acked-by: Eric Paris <eparis@redhat.com>
Acked-by: Kees Cook <keescook@chromium.org>
v18: updated change desc
v17: using new define values as per 3.4
Signed-off-by: James Morris <james.l.morris@oracle.com>
James Morris [Mon, 9 Apr 2012 05:48:07 +0000 (15:48 +1000)]
maintainers: update wiki url for the security subsystem
Update the wiki url for the security subsystem to:
http://kernsec.org/
Signed-off-by: James Morris <james.l.morris@oracle.com>
James Morris [Mon, 9 Apr 2012 01:03:36 +0000 (11:03 +1000)]
maintainers: add kernel/capability.c to capabilities entry
Add kernel/capability.c to capabilities entry.
Reported-by: Eric Paris <eparis@parisplace.org>
Signed-off-by: James Morris <james.l.morris@oracle.com>
James Morris [Mon, 9 Apr 2012 01:01:52 +0000 (11:01 +1000)]
Merge branch 'linus-master'; commit 'v3.4-rc2' into next
Linus Torvalds [Sun, 8 Apr 2012 01:30:41 +0000 (18:30 -0700)]
Linux 3.4-rc2
Linus Torvalds [Sat, 7 Apr 2012 16:56:00 +0000 (09:56 -0700)]
Merge tag 'regmap-3.4-fixes' of git://git./linux/kernel/git/broonie/regmap
Pull two more small regmap fixes from Mark Brown:
- Now we have users for it that aren't running Android it turns out
that regcache_sync_region() is much more useful to drivers if it's
exported for use by modules. Who knew?
- Make sure we don't divide by zero when doing debugfs dumps of
rbtrees, not visible up until now because everything was providing at
least some cache on startup.
* tag 'regmap-3.4-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regmap:
regmap: prevent division by zero in rbtree_show
regmap: Export regcache_sync_region()
Linus Torvalds [Sat, 7 Apr 2012 16:53:33 +0000 (09:53 -0700)]
Merge branch 'kvm-updates/3.4' of git://git./virt/kvm/kvm
Pull a few KVM fixes from Avi Kivity:
"A bunch of powerpc KVM fixes, a guest and a host RCU fix (unrelated),
and a small build fix."
* 'kvm-updates/3.4' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
KVM: Resolve RCU vs. async page fault problem
KVM: VMX: vmx_set_cr0 expects kvm->srcu locked
KVM: PMU: Fix integer constant is too large warning in kvm_pmu_set_msr()
KVM: PPC: Book3S: PR: Fix preemption
KVM: PPC: Save/Restore CR over vcpu_run
KVM: PPC: Book3S HV: Save and restore CR in __kvmppc_vcore_entry
KVM: PPC: Book3S HV: Fix kvm_alloc_linear in case where no linears exist
KVM: PPC: Book3S: Compile fix for ppc32 in HIOR access code
Linus Torvalds [Sat, 7 Apr 2012 16:52:46 +0000 (09:52 -0700)]
Merge tag 'sh-for-linus' of git://github.com/pmundt/linux-sh
Pull SuperH fixes from Paul Mundt.
* tag 'sh-for-linus' of git://github.com/pmundt/linux-sh:
sh: fix clock-sh7757 for the latest sh_mobile_sdhi driver
serial: sh-sci: use serial_port_in/out vs sci_in/out.
sh: vsyscall: Fix up .eh_frame generation.
sh: dma: Fix up device attribute mismatch from sysdev fallout.
sh: dwarf unwinder depends on SHcompact.
sh: fix up fallout from system.h disintegration.
Linus Torvalds [Sat, 7 Apr 2012 16:51:36 +0000 (09:51 -0700)]
Merge branch 'for-linus' of git://git./linux/kernel/git/jmorris/linux-security
Pull security layer fixlet from James Morris.
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
sysctl: fix write access to dmesg_restrict/kptr_restrict
Linus Torvalds [Sat, 7 Apr 2012 02:56:04 +0000 (19:56 -0700)]
Merge branch 'release' of git://git./linux/kernel/git/lenb/linux
Pull ACPI & Power Management patches from Len Brown:
"Two fixes for cpuidle merge-window changes, plus a URL fix in
MAINTAINERS"
* 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux:
MAINTAINERS: Update git url for ACPI
cpuidle: Fix panic in CPU off-lining with no idle driver
ACPI processor: Use safe_halt() rather than halt() in acpi_idle_play_dead()
Linus Torvalds [Sat, 7 Apr 2012 02:54:26 +0000 (19:54 -0700)]
Merge branch '3.4-rc-fixes' of git://git./linux/kernel/git/nab/target-pending
Pull target fixes from Nicholas Bellinger:
"Pull two tcm_fc fabric related fixes for -rc2:
Note that both have been CC'ed to stable, and patch #1 is the
important one that addresses a memory corruption bug related to FC
exchange timeouts + command abort.
Thanks again to MDR for tracking down this issue!"
* '3.4-rc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending:
tcm_fc: Do not free tpg structure during wq allocation failure
tcm_fc: Add abort flag for gracefully handling exchange timeout
Mark Rustad [Tue, 3 Apr 2012 17:24:52 +0000 (10:24 -0700)]
tcm_fc: Do not free tpg structure during wq allocation failure
Avoid freeing a registered tpg structure if an alloc_workqueue call
fails. This fixes a bug where the failure was leaking memory associated
with se_portal_group setup during the original core_tpg_register() call.
Signed-off-by: Mark Rustad <mark.d.rustad@intel.com>
Acked-by: Kiran Patil <Kiran.patil@intel.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
Mark Rustad [Tue, 3 Apr 2012 17:24:41 +0000 (10:24 -0700)]
tcm_fc: Add abort flag for gracefully handling exchange timeout
Add abort flag and use it to terminate processing when an exchange
is timed out or is reset. The abort flag is used in place of the
transport_generic_free_cmd function call in the reset and timeout
cases, because calling that function in that context would free
memory that was in use. The aborted flag allows the lifetime to
be managed in a more normal way, while truncating the processing.
This change eliminates a source of memory corruption which
manifested in a variety of ugly ways.
(nab: Drop unused struct fc_exch *ep in ft_recv_seq)
Signed-off-by: Mark Rustad <mark.d.rustad@intel.com>
Acked-by: Kiran Patil <Kiran.patil@intel.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
Len Brown [Sat, 7 Apr 2012 01:48:59 +0000 (21:48 -0400)]
Merge branches 'idle-fix' and 'misc' into release
Igor Murzov [Fri, 30 Mar 2012 18:40:12 +0000 (22:40 +0400)]
MAINTAINERS: Update git url for ACPI
Signed-off-by: Igor Murzov <e-mail@date.by>
Signed-off-by: Len Brown <len.brown@intel.com>
Linus Torvalds [Sat, 7 Apr 2012 00:56:20 +0000 (17:56 -0700)]
Merge branch 'stable' of git://git./linux/kernel/git/cmetcalf/linux-tile
Pull arch/tile bug fixes from Chris Metcalf:
"This includes Paul Gortmaker's change to fix the <asm/system.h>
disintegration issues on tile, a fix to unbreak the tilepro ethernet
driver, and a backlog of bugfix-only changes from internal Tilera
development over the last few months.
They have all been to LKML and on linux-next for the last few days.
The EDAC change to MAINTAINERS is an oddity but discussion on the
linux-edac list suggested I ask you to pull that change through my
tree since they don't have a tree to pull edac changes from at the
moment."
* 'stable' of git://git.kernel.org/pub/scm/linux/kernel/git/cmetcalf/linux-tile: (39 commits)
drivers/net/ethernet/tile: fix netdev_alloc_skb() bombing
MAINTAINERS: update EDAC information
tilepro ethernet driver: fix a few minor issues
tile-srom.c driver: minor code cleanup
edac: say "TILEGx" not "TILEPro" for the tilegx edac driver
arch/tile: avoid accidentally unmasking NMI-type interrupt accidentally
arch/tile: remove bogus performance optimization
arch/tile: return SIGBUS for addresses that are unaligned AND invalid
arch/tile: fix finv_buffer_remote() for tilegx
arch/tile: use atomic exchange in arch_write_unlock()
arch/tile: stop mentioning the "kvm" subdirectory
arch/tile: export the page_home() function.
arch/tile: fix pointer cast in cacheflush.c
arch/tile: fix single-stepping over swint1 instructions on tilegx
arch/tile: implement panic_smp_self_stop()
arch/tile: add "nop" after "nap" to help GX idle power draw
arch/tile: use proper memparse() for "maxmem" options
arch/tile: fix up locking in pgtable.c slightly
arch/tile: don't leak kernel memory when we unload modules
arch/tile: fix bug in delay_backoff()
...
Linus Torvalds [Sat, 7 Apr 2012 00:54:53 +0000 (17:54 -0700)]
Merge tag 'stable/for-linus-3.4-rc1-tag' of git://git./linux/kernel/git/konrad/xen
Pull xen fixes from Konrad Rzeszutek Wilk:
"Two fixes for regressions:
* one is a workaround that will be removed in v3.5 with proper fix in
the tip/x86 tree,
* the other is to fix drivers to load on PV (a previous patch made
them only load in PVonHVM mode).
The rest are just minor fixes in the various drivers and some cleanup
in the core code."
* tag 'stable/for-linus-3.4-rc1-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/konrad/xen:
xen/pcifront: avoid pci_frontend_enable_msix() falsely returning success
xen/pciback: fix XEN_PCI_OP_enable_msix result
xen/smp: Remove unnecessary call to smp_processor_id()
xen/x86: Workaround 'x86/ioapic: Add register level checks to detect bogus io-apic entries'
xen: only check xen_platform_pci_unplug if hvm
Linus Torvalds [Sat, 7 Apr 2012 00:22:23 +0000 (17:22 -0700)]
Merge tag 'mmc-fixes-for-3.4-rc2' of git://git./linux/kernel/git/cjb/mmc
Pull MMC fixes from Chris Ball:
- Disable use of MSI in sdhci-pci, which caused multiple chipsets to
stop working in 3.4-rc1. I'll wait to turn this on again until we
have a chipset whitelist for it.
- Fix a libertas SDIO powered-resume regression introduced in 3.3;
thanks to Neil Brown and Rafael Wysocki for this fix.
- Fix module reloading on omap_hsmmc.
- Stop trusting the spec/card's specified maximum data timeout length,
and use three seconds instead. Previously we used 300ms.
Also cleanups and fixes for s3c, atmel, sh_mmcif and omap_hsmmc.
* tag 'mmc-fixes-for-3.4-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/cjb/mmc: (28 commits)
mmc: use really long write timeout to deal with crappy cards
mmc: sdhci-dove: Fix compile error by including module.h
mmc: Prevent 1.8V switch for SD hosts that don't support UHS modes.
Revert "mmc: sdhci-pci: Add MSI support"
Revert "mmc: sdhci-pci: add quirks for broken MSI on O2Micro controllers"
mmc: core: fix power class selection
mmc: omap_hsmmc: fix module re-insertion
mmc: omap_hsmmc: convert to module_platform_driver
mmc: omap_hsmmc: make it behave well as a module
mmc: omap_hsmmc: trivial cleanups
mmc: omap_hsmmc: context save after enabling runtime pm
mmc: omap_hsmmc: use runtime put sync in probe error patch
mmc: sdio: Use empty system suspend/resume callbacks at the bus level
mmc: bus: print bus speed mode of UHS-I card
mmc: sdhci-pci: add quirks for broken MSI on O2Micro controllers
mmc: sh_mmcif: Simplify calculation of mmc->f_min
mmc: sh_mmcif: mmc->f_max should be half of the bus clock
mmc: sh_mmcif: double clock speed
mmc: block: Remove use of mmc_blk_set_blksize
mmc: atmel-mci: add support for odd clock dividers
...
Linus Torvalds [Fri, 6 Apr 2012 20:54:56 +0000 (13:54 -0700)]
Make the "word-at-a-time" helper functions more commonly usable
I have a new optimized x86 "strncpy_from_user()" that will use these
same helper functions for all the same reasons the name lookup code uses
them. This is preparation for that.
This moves them into an architecture-specific header file. It's
architecture-specific for two reasons:
- some of the functions are likely to want architecture-specific
implementations. Even if the current code happens to be "generic" in
the sense that it should work on any little-endian machine, it's
likely that the "multiply by a big constant and shift" implementation
is less than optimal for an architecture that has a guaranteed fast
bit count instruction, for example.
- I expect that if architectures like sparc want to start playing
around with this, we'll need to abstract out a few more details (in
particular the actual unaligned accesses). So we're likely to have
more architecture-specific stuff if non-x86 architectures start using
this.
(and if it turns out that non-x86 architectures don't start using
this, then having it in an architecture-specific header is still the
right thing to do, of course)
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Toshi Kani [Sun, 1 Apr 2012 03:37:02 +0000 (21:37 -0600)]
cpuidle: Fix panic in CPU off-lining with no idle driver
Fix a NULL pointer dereference panic in cpuidle_play_dead() during
CPU off-lining when no cpuidle driver is registered. A cpuidle
driver may be registered at boot-time based on CPU type. This patch
allows an off-lined CPU to enter HLT-based idle in this condition.
Signed-off-by: Toshi Kani <toshi.kani@hp.com>
Cc: Boris Ostrovsky <boris.ostrovsky@amd.com>
Reviewed-by: Srivatsa S. Bhat <srivatsa.bhat@linux.vnet.ibm.com>
Tested-by: Srivatsa S. Bhat <srivatsa.bhat@linux.vnet.ibm.com>
Signed-off-by: Len Brown <len.brown@intel.com>
Linus Torvalds [Fri, 6 Apr 2012 17:37:38 +0000 (10:37 -0700)]
Merge git://git./linux/kernel/git/davem/net
Pull networking updates from David Miller:
1) Fix inaccuracies in network driver interface documentation, from Ben
Hutchings.
2) Fix handling of negative offsets in BPF JITs, from Jan Seiffert.
3) Compile warning, locking, and refcounting fixes in netfilter's
xt_CT, from Pablo Neira Ayuso.
4) phonet sendmsg needs to validate user length just like any other
datagram protocol, fix from Sasha Levin.
5) Ipv6 multicast code uses wrong loop index, from RongQing Li.
6) Link handling and firmware fixes in bnx2x driver from Yaniv Rosner
and Yuval Mintz.
7) mlx4 erroneously allocates 4 pages at a time, regardless of page
size, fix from Thadeu Lima de Souza Cascardo.
8) SCTP socket option wasn't extended in a backwards compatible way,
fix from Thomas Graf.
9) Add missing address change event emissions to bonding, from Shlomo
Pongratz.
10) /proc/net/dev regressed because it uses a private offset to track
where we are in the hash table, but this doesn't track the offset
pullback that the seq_file code does resulting in some entries being
missed in large dumps.
Fix from Eric Dumazet.
11) do_tcp_sendpage() unloads the send queue way too fast, because it
invokes tcp_push() when it shouldn't. Let the natural sequence
generated by the splice paths, and the assosciated MSG_MORE
settings, guide the tcp_push() calls.
Otherwise what goes out of TCP is spaghetti and doesn't batch
effectively into GSO/TSO clusters.
From Eric Dumazet.
12) Once we put a SKB into either the netlink receiver's queue or a
socket error queue, it can be consumed and freed up, therefore we
cannot touch it after queueing it like that.
Fixes from Eric Dumazet.
13) PPP has this annoying behavior in that for every transmit call it
immediately stops the TX queue, then calls down into the next layer
to transmit the PPP frame.
But if that next layer can take it immediately, it just un-stops the
TX queue right before returning from the transmit method.
Besides being useless work, it makes several facilities unusable, in
particular things like the equalizers. Well behaved devices should
only stop the TX queue when they really are full, and in PPP's case
when it gets backlogged to the downstream device.
David Woodhouse therefore fixed PPP to not stop the TX queue until
it's downstream can't take data any more.
14) IFF_UNICAST_FLT got accidently lost in some recent stmmac driver
changes, re-add. From Marc Kleine-Budde.
15) Fix link flaps in ixgbe, from Eric W. Multanen.
16) Descriptor writeback fixes in e1000e from Matthew Vick.
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (47 commits)
net: fix a race in sock_queue_err_skb()
netlink: fix races after skb queueing
doc, net: Update ndo_start_xmit return type and values
doc, net: Remove instruction to set net_device::trans_start
doc, net: Update netdev operation names
doc, net: Update documentation of synchronisation for TX multiqueue
doc, net: Remove obsolete reference to dev->poll
ethtool: Remove exception to the requirement of holding RTNL lock
MAINTAINERS: update for Marvell Ethernet drivers
bonding: properly unset current_arp_slave on slave link up
phonet: Check input from user before allocating
tcp: tcp_sendpages() should call tcp_push() once
ipv6: fix array index in ip6_mc_add_src()
mlx4: allocate just enough pages instead of always 4 pages
stmmac: re-add IFF_UNICAST_FLT for dwmac1000
bnx2x: Clear MDC/MDIO warning message
bnx2x: Fix BCM57711+BCM84823 link issue
bnx2x: Clear BCM84833 LED after fan failure
bnx2x: Fix BCM84833 PHY FW version presentation
bnx2x: Fix link issue for BCM8727 boards.
...
Jan Beulich [Mon, 2 Apr 2012 14:22:39 +0000 (15:22 +0100)]
xen/pcifront: avoid pci_frontend_enable_msix() falsely returning success
The original XenoLinux code has always had things this way, and for
compatibility reasons (in particular with a subsequent pciback
adjustment) upstream Linux should behave the same way (allowing for two
distinct error indications to be returned by the backend).
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Jan Beulich [Mon, 2 Apr 2012 14:32:22 +0000 (15:32 +0100)]
xen/pciback: fix XEN_PCI_OP_enable_msix result
Prior to 2.6.19 and as of 2.6.31, pci_enable_msix() can return a
positive value to indicate the number of vectors (less than the amount
requested) that can be set up for a given device. Returning this as an
operation value (secondary result) is fine, but (primary) operation
results are expected to be negative (error) or zero (success) according
to the protocol. With the frontend fixed to match the XenoLinux
behavior, the backend can now validly return zero (success) here,
passing the upper limit on the number of vectors in op->value.
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Srivatsa S. Bhat [Thu, 22 Mar 2012 12:59:24 +0000 (18:29 +0530)]
xen/smp: Remove unnecessary call to smp_processor_id()
There is an extra and unnecessary call to smp_processor_id()
in cpu_bringup(). Remove it.
Signed-off-by: Srivatsa S. Bhat <srivatsa.bhat@linux.vnet.ibm.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Konrad Rzeszutek Wilk [Tue, 20 Mar 2012 19:04:18 +0000 (15:04 -0400)]
xen/x86: Workaround 'x86/ioapic: Add register level checks to detect bogus io-apic entries'
The above mentioned patch checks the IOAPIC and if it contains
-1, then it unmaps said IOAPIC. But under Xen we get this:
BUG: unable to handle kernel NULL pointer dereference at
0000000000000040
IP: [<
ffffffff8134e51f>] xen_irq_init+0x1f/0xb0
PGD 0
Oops: 0002 [#1] SMP
CPU 0
Modules linked in:
Pid: 1, comm: swapper/0 Not tainted 3.2.10-3.fc16.x86_64 #1 Dell Inc. Inspiron
1525 /0U990C
RIP: e030:[<
ffffffff8134e51f>] [<
ffffffff8134e51f>] xen_irq_init+0x1f/0xb0
RSP: e02b:
ffff8800d42cbb70 EFLAGS:
00010202
RAX:
0000000000000000 RBX:
00000000ffffffef RCX:
0000000000000001
RDX:
0000000000000040 RSI:
00000000ffffffef RDI:
0000000000000001
RBP:
ffff8800d42cbb80 R08:
ffff8800d6400000 R09:
0000000000000000
R10:
0000000000000000 R11:
0000000000000000 R12:
00000000ffffffef
R13:
0000000000000001 R14:
0000000000000001 R15:
0000000000000010
FS:
0000000000000000(0000) GS:
ffff8800df5fe000(0000) knlGS:
0000000000000000
CS: e033 DS: 0000 ES: 0000 CR0:
000000008005003b
CR2:
0000000000000040 CR3:
0000000001a05000 CR4:
0000000000002660
DR0:
0000000000000000 DR1:
0000000000000000 DR2:
0000000000000000
DR3:
0000000000000000 DR6:
00000000ffff0ff0 DR7:
0000000000000400
Process swapper/0 (pid: 1, threadinfo
ffff8800d42ca000, task
ffff8800d42d0000)
Stack:
00000000ffffffef 0000000000000010 ffff8800d42cbbe0 ffffffff8134f157
ffffffff8100a9b2 ffffffff8182ffd1 00000000000000a0 00000000829e7384
0000000000000002 0000000000000010 00000000ffffffff 0000000000000000
Call Trace:
[<
ffffffff8134f157>] xen_bind_pirq_gsi_to_irq+0x87/0x230
[<
ffffffff8100a9b2>] ? check_events+0x12+0x20
[<
ffffffff814bab42>] xen_register_pirq+0x82/0xe0
[<
ffffffff814bac1a>] xen_register_gsi.part.2+0x4a/0xd0
[<
ffffffff814bacc0>] acpi_register_gsi_xen+0x20/0x30
[<
ffffffff8103036f>] acpi_register_gsi+0xf/0x20
[<
ffffffff8131abdb>] acpi_pci_irq_enable+0x12e/0x202
[<
ffffffff814bc849>] pcibios_enable_device+0x39/0x40
[<
ffffffff812dc7ab>] do_pci_enable_device+0x4b/0x70
[<
ffffffff812dc878>] __pci_enable_device_flags+0xa8/0xf0
[<
ffffffff812dc8d3>] pci_enable_device+0x13/0x20
The reason we are dying is b/c the call acpi_get_override_irq() is used,
which returns the polarity and trigger for the IRQs. That function calls
mp_find_ioapics to get the 'struct ioapic' structure - which along with the
mp_irq[x] is used to figure out the default values and the polarity/trigger
overrides. Since the mp_find_ioapics now returns -1 [b/c the IOAPIC is filled
with 0xffffffff], the acpi_get_override_irq() stops trying to lookup in the
mp_irq[x] the proper INT_SRV_OVR and we can't install the SCI interrupt.
The proper fix for this is going in v3.5 and adds an x86_io_apic_ops
struct so that platforms can override it. But for v3.4 lets carry this
work-around. This patch does that by providing a slightly different variant
of the fake IOAPIC entries.
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Igor Mammedov [Tue, 27 Mar 2012 17:31:08 +0000 (19:31 +0200)]
xen: only check xen_platform_pci_unplug if hvm
commit
b9136d207f08
xen: initialize platform-pci even if xen_emul_unplug=never
breaks blkfront/netfront by not loading them because of
xen_platform_pci_unplug=0 and it is never set for PV guest.
Signed-off-by: Andrew Jones <drjones@redhat.com>
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Eric Dumazet [Fri, 6 Apr 2012 08:49:10 +0000 (10:49 +0200)]
net: fix a race in sock_queue_err_skb()
As soon as an skb is queued into socket error queue, another thread
can consume it, so we are not allowed to reference skb anymore, or risk
use after free.
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Eric Dumazet [Thu, 5 Apr 2012 22:17:46 +0000 (22:17 +0000)]
netlink: fix races after skb queueing
As soon as an skb is queued into socket receive_queue, another thread
can consume it, so we are not allowed to reference skb anymore, or risk
use after free.
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Ben Hutchings [Thu, 5 Apr 2012 14:40:25 +0000 (14:40 +0000)]
doc, net: Update ndo_start_xmit return type and values
Commit
dc1f8bf68b311b1537cb65893430b6796118498a ('netdev: change
transmit to limited range type') changed the required return type and
9a1654ba0b50402a6bd03c7b0fe9b0200a5ea7b1 ('net: Optimize
hard_start_xmit() return checking') changed the valid numerical
return values.
Signed-off-by: Ben Hutchings <bhutchings@solarflare.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Ben Hutchings [Thu, 5 Apr 2012 14:40:06 +0000 (14:40 +0000)]
doc, net: Remove instruction to set net_device::trans_start
Commit
08baf561083bc27a953aa087dd8a664bb2b88e8e ('net:
txq_trans_update() helper') made it unnecessary for most drivers to
set net_device::trans_start (or netdev_queue::trans_start).
Signed-off-by: Ben Hutchings <bhutchings@solarflare.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Ben Hutchings [Thu, 5 Apr 2012 14:39:47 +0000 (14:39 +0000)]
doc, net: Update netdev operation names
Commits
d314774cf2cd5dfeb39a00d37deee65d4c627927 ('netdev: network
device operations infrastructure') and
008298231abbeb91bc7be9e8b078607b816d1a4a ('netdev: add more functions
to netdevice ops') moved and renamed net device operation pointers.
Signed-off-by: Ben Hutchings <bhutchings@solarflare.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Ben Hutchings [Thu, 5 Apr 2012 14:39:30 +0000 (14:39 +0000)]
doc, net: Update documentation of synchronisation for TX multiqueue
Commits
e308a5d806c852f56590ffdd3834d0df0cbed8d7 ('netdev: Add
netdev->addr_list_lock protection.') and
e8a0464cc950972824e2e128028ae3db666ec1ed ('netdev: Allocate multiple
queues for TX.') introduced more fine-grained locks.
Signed-off-by: Ben Hutchings <bhutchings@solarflare.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Ben Hutchings [Thu, 5 Apr 2012 14:39:10 +0000 (14:39 +0000)]
doc, net: Remove obsolete reference to dev->poll
Commit
bea3348eef27e6044b6161fd04c3152215f96411 ('[NET]: Make NAPI
polling independent of struct net_device objects.') removed the
automatic disabling of NAPI polling by dev_close(), and drivers
must now do this themselves.
Signed-off-by: Ben Hutchings <bhutchings@solarflare.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Ben Hutchings [Thu, 5 Apr 2012 14:38:49 +0000 (14:38 +0000)]
ethtool: Remove exception to the requirement of holding RTNL lock
Commit
e52ac3398c3d772d372b9b62ab408fd5eec96840 ('net: Use device
model to get driver name in skb_gso_segment()') removed the only
in-tree caller of ethtool ops that doesn't hold the RTNL lock.
Signed-off-by: Ben Hutchings <bhutchings@solarflare.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Linus Torvalds [Fri, 6 Apr 2012 05:13:39 +0000 (22:13 -0700)]
Merge tag 'fixes-for-linus' of git://git./linux/kernel/git/arm/arm-soc
Pull "ARM: SoC fixes: from Olof Johansson:
"A bunch of fixes for regressions (and a few other problems) in
3.4-rc1:
- Fix for regression of mach/io.h cleanup on platforms with PCI or
PCMCIA (adding back the include file on those for now)
- AT91 fixes for usb and spi
- smsc911x ethernet fixes for i.MX
- smsc911x fixes for OMAP
- gpio fixes for Tegra
- A handful of build error and warning fixes for various platforms
- cpufreq kconfig dependencies, build and lowlevel debug fixes for
Samsung platforms
In other words, more or less the regular collection of -rc1/2 type
material. A few of them, in particular the smsc911x for OMAP series,
aren't technically regressions for 3.4, but they're valid fixes and
we're still relatively early in the rc cycle so it seems appropriate
to include them."
* tag 'fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc: (60 commits)
ARM: fix __io macro for PCMCIA
ARM: EXYNOS: Fix compiler warning in dma.c file
ARM: EXYNOS: fix ISO C90 warning
ARM: OMAP2+: hwmod: Fix wrong SYSC_TYPE1_XXX_MASK bit definitions
ARM: OMAP2+: hwmod: Make omap_hwmod_softreset wait for reset status
ARM: OMAP2+: hwmod: Restore sysc after a reset
ARM: OMAP2+: omap_hwmod: Allow io_ring wakeup configuration for all modules
ARM: OMAP3: clock data: fill in some missing clockdomains
ARM: OMAP4: clock data: Force a DPLL clkdm/pwrdm ON before a relock
ARM: OMAP4: clock data: fix mult and div mask for USB_DPLL
ARM: OMAP2+: powerdomain: Wait for powerdomain transition in pwrdm_state_switch()
gpio: tegra: Iterate over the correct number of banks
gpio: tegra: fix register address calculations for Tegra30
EXYNOS: fix dependency for EXYNOS_CPUFREQ
ARM: at91: dt: remove unit-address part for memory nodes
ARM: at91: fix check of valid GPIO for SPI and USB
USB: ehci-atmel: add needed of.h header file
ARM: at91/NAND DT bindings: add comments
ARM: at91/at91sam9x5.dtsi: fix NAND ale/cle in DT file
USB: ohci-at91: trivial return code name change
...
Linus Torvalds [Fri, 6 Apr 2012 04:38:51 +0000 (21:38 -0700)]
Merge branch 'for-linus' of git://git./linux/kernel/git/lliubbo/blackfin
Pull a few blackfin compile fixes from Bob Liu.
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/lliubbo/blackfin:
blackfin: update defconfig for bf527-ezkit
blackfin: gpio: fix compile error if !CONFIG_GPIOLIB
blackfin: fix L1 data A overflow link issue
Bob Liu [Thu, 5 Apr 2012 02:40:35 +0000 (10:40 +0800)]
blackfin: update defconfig for bf527-ezkit
To fix compile error:
drivers/usb/musb/blackfin.h:51:3: error: #error "Please use PIO mode in MUSB
driver on bf52x chip v0.0 and v0.1"
make[4]: *** [drivers/usb/musb/blackfin.o] Error 1
Signed-off-by: Bob Liu <lliubbo@gmail.com>
Bob Liu [Tue, 27 Mar 2012 03:27:15 +0000 (11:27 +0800)]
blackfin: gpio: fix compile error if !CONFIG_GPIOLIB
Add __gpio_get_value()/__gpio_set_value() to fix compile error if
CONFIG_GPIOLIB = n.
Signed-off-by: Bob Liu <lliubbo@gmail.com>
Mike Frysinger [Wed, 28 Mar 2012 03:43:02 +0000 (11:43 +0800)]
blackfin: fix L1 data A overflow link issue
This patch fix below compile error:
"bfin-uclinux-ld: L1 data A overflow!"
It is due to the recent lib/gen_crc32table.c change:
46c5801eaf86e83cb3a4142ad35188db5011fff0
crc32: bolt on crc32c
it added 8KiB more data to __cacheline_aligned which cause blackfin L1 data
cache overflow.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Signed-off-by: Bob Liu <lliubbo@gmail.com>
Linus Torvalds [Fri, 6 Apr 2012 00:34:30 +0000 (17:34 -0700)]
Merge branch 'for-linus' of git://git./linux/kernel/git/jikos/apm
Pull an APM fix from Jiri Kosina:
"One deadlock/race fix from Niel that got introduced when we were
moving away from freezer_*_count() to wait_event_freezable()."
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/apm:
APM: fix deadlock in APM_IOC_SUSPEND ioctl
Paul Walmsley [Mon, 12 Mar 2012 10:58:00 +0000 (04:58 -0600)]
mmc: use really long write timeout to deal with crappy cards
Several people have noticed that crappy SD cards take much longer to
complete multiple block writes than the 300ms that Linux specifies.
Try to work around this by using a three second write timeout instead.
This is a generalized version of a patch from Chase Maupin
<Chase.Maupin@ti.com>, whose patch description said:
* With certain SD cards timeouts like the following have been seen
due to an improper calculation of the dto value:
mmcblk0: error -110 transferring data, sector
4126233, nr 8,
card status 0xc00
* By removing the dto calculation and setting the timeout value
to the maximum specified by the SD card specification part A2
section 2.2.15 these timeouts can be avoided.
* This change has been used by beagleboard users as well as the
Texas Instruments SDK without a negative impact.
* There are multiple discussion threads about this but the most
relevant ones are:
* http://talk.maemo.org/showthread.php?p=
1000707#post1000707
* http://www.mail-archive.com/linux-omap@vger.kernel.org/msg42213.html
* Original proposal for this fix was done by Sukumar Ghoral of
Texas Instruments
* Tested using a Texas Instruments AM335x EVM
Signed-off-by: Paul Walmsley <paul@pwsan.com>
Tested-by: Tony Lindgren <tony@atomide.com>
Signed-off-by: Chris Ball <cjb@laptop.org>
Alf Høgemark [Wed, 4 Apr 2012 16:27:09 +0000 (12:27 -0400)]
mmc: sdhci-dove: Fix compile error by including module.h
This patch fixes a compile error in drivers/mmc/host/sdhci-dove.c
by including the linux/module.h file.
Signed-off-by: Alf Høgemark <alf@i100.no>
Cc: <stable@vger.kernel.org>
Signed-off-by: Chris Ball <cjb@laptop.org>
Al Cooper [Fri, 16 Mar 2012 19:54:17 +0000 (15:54 -0400)]
mmc: Prevent 1.8V switch for SD hosts that don't support UHS modes.
The driver should not try to switch to 1.8V when the SD 3.0 host
controller does not have any UHS capabilities bits set (SDR50, DDR50
or SDR104). See page 72 of "SD Specifications Part A2 SD Host
Controller Simplified Specification Version 3.00" under
"1.8V Signaling Enable". Instead of setting SDR12 and SDR25 in the host
capabilities data structure for all V3.0 host controllers, only set them
if SDR104, SDR50 or DDR50 is set in the host capabilities register. This
will prevent the switch to 1.8V later.
Signed-off-by: Al Cooper <acooper@gmail.com>
Acked-by: Arindam Nath <arindam.nath@amd.com>
Acked-by: Philip Rakity <prakity@marvell.com>
Acked-by: Girish K S <girish.shivananjappa@linaro.org>
Signed-off-by: Chris Ball <cjb@laptop.org>
Chris Ball [Tue, 3 Apr 2012 20:48:32 +0000 (16:48 -0400)]
Revert "mmc: sdhci-pci: Add MSI support"
This reverts commit
e6039832bed9a9b967796d7021f17f25b625b616.
There are reports of MSI breaking SDHCI on multiple chipsets (JMicron
and O2Micro, at least), so this should be reverted until we come up
with a whitelist or something.
Signed-off-by: Chris Ball <cjb@laptop.org>
Chris Ball [Tue, 3 Apr 2012 20:47:55 +0000 (16:47 -0400)]
Revert "mmc: sdhci-pci: add quirks for broken MSI on O2Micro controllers"
This reverts commit
c16e981b2fd9455af670a69a84f4c8cf07e12658, because
it's no longer useful once MSI support is reverted.
Signed-off-by: Chris Ball <cjb@laptop.org>
Subhash Jadavani [Tue, 3 Apr 2012 06:55:58 +0000 (12:25 +0530)]
mmc: core: fix power class selection
mmc_select_powerclass() function returns error if eMMC
VDD level supported by host is between 2.7v to 3.2v.
According to eMMC specification, valid voltage for high
voltage cards is 2.7v to 3.6v. This patch ensures that
2.7v to 3.6v VDD range is treated as valid range.
Also, failure to set the power class shouldn't be treated
as fatal error because even if setting the power class
fails, card can still work in default power class.
If mmc_select_powerclass() returns error, just print
the warning message and go ahead with rest of the card
initialization.
Signed-off-by: Subhash Jadavani <subhashj@codeaurora.org>
Acked-by: Girish K S <girish.shivananjappa@linaro.org>
Reviewed-by: Namjae Jeon <linkinjeon@gmail.com>
Signed-off-by: Chris Ball <cjb@laptop.org>
Balaji T K [Mon, 2 Apr 2012 06:56:47 +0000 (12:26 +0530)]
mmc: omap_hsmmc: fix module re-insertion
OMAP4 and OMAP3 HSMMC IP registers differ by 0x100 offset.
Adding the offset to platform_device resource structure
increments the start address for every insmod operation.
MMC command fails on re-insertion as module due to incorrect register
base. Fix this by updating the ioremap base address only.
Signed-off-by: Balaji T K <balajitk@ti.com>
Signed-off-by: Venkatraman S <svenkatr@ti.com>
Signed-off-by: Chris Ball <cjb@laptop.org>
Felipe Balbi [Wed, 14 Mar 2012 09:18:32 +0000 (11:18 +0200)]
mmc: omap_hsmmc: convert to module_platform_driver
This will delete some boilerplate code, no functional changes.
Signed-off-by: Felipe Balbi <balbi@ti.com>
Signed-off-by: Venkatraman S <svenkatr@ti.com>
Signed-off-by: Chris Ball <cjb@laptop.org>
Felipe Balbi [Wed, 14 Mar 2012 09:18:28 +0000 (11:18 +0200)]
mmc: omap_hsmmc: make it behave well as a module
If we put probe() on __init section, that will never work for multiple
module insertions/removals.
In order to make it work properly, move probe to __devinit section and
use platform_driver_register() instead of platform_driver_probe().
Signed-off-by: Felipe Balbi <balbi@ti.com>
Signed-off-by: Venkatraman S <svenkatr@ti.com>
Signed-off-by: Chris Ball <cjb@laptop.org>
Felipe Balbi [Wed, 14 Mar 2012 09:18:27 +0000 (11:18 +0200)]
mmc: omap_hsmmc: trivial cleanups
A bunch of non-functional cleanups to the omap_hsmmc driver.
It basically decreases indentation level, drop unneded dereferences
and drop unneded accesses to the platform_device structure.
Signed-off-by: Felipe Balbi <balbi@ti.com>
Signed-off-by: Venkatraman S <svenkatr@ti.com>
Signed-off-by: Chris Ball <cjb@laptop.org>
Balaji T K [Fri, 24 Feb 2012 15:44:34 +0000 (21:14 +0530)]
mmc: omap_hsmmc: context save after enabling runtime pm
Call context save api after enabling runtime pm to make sure that
register access in context save api happens with clk enabled.
Signed-off-by: Balaji T K <balajitk@ti.com>
Signed-off-by: Venkatraman S <svenkatr@ti.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Chris Ball <cjb@laptop.org>
Balaji T K [Fri, 24 Feb 2012 15:44:33 +0000 (21:14 +0530)]
mmc: omap_hsmmc: use runtime put sync in probe error patch
pm_runtime_put_sync instead of autosuspend pm runtime API
because iounmap(host->base) follows immediately.
Reported-by: Rajendra Nayak <rnayak@ti.com>
Signed-off-by: Balaji T K <balajitk@ti.com>
Signed-off-by: Venkatraman S <svenkatr@ti.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Chris Ball <cjb@laptop.org>
Rafael J. Wysocki [Sun, 1 Apr 2012 04:34:58 +0000 (00:34 -0400)]
mmc: sdio: Use empty system suspend/resume callbacks at the bus level
Neil Brown reports that commit
35cd133c
PM: Run the driver callback directly if the subsystem one is not there
breaks suspend for his libertas wifi, because SDIO has a protocol
where the suspend method can return -ENOSYS and this means "There is
no point in suspending, just turn me off". Moreover, the suspend
methods provided by SDIO drivers are not supposed to be called by
the PM core or bus-level suspend routines (which aren't presend for
SDIO). Instead, when the SDIO core gets to suspend the device's
ancestor, it calls the device driver's suspend function, catches the
ENOSYS, and turns the device off.
The commit above breaks the SDIO core's assumption that the device
drivers' callbacks won't be executed if it doesn't provide any
bus-level callbacks. If fact, however, this assumption has never
been really satisfied, because device class or device type suspend
might very well use the driver's callback even without that commit.
The simplest way to address this problem is to make the SDIO core
tell the PM core to ignore driver callbacks, for example by providing
no-operation suspend/resume callbacks at the bus level for it,
which is implemented by this change.
Reported-and-tested-by: Neil Brown <neilb@suse.de>
Signed-off-by: Rafael J. Wysocki <rjw@sisk.pl>
[stable: please apply to 3.3-stable only]
Cc: <stable@vger.kernel.org>
Signed-off-by: Chris Ball <cjb@laptop.org>
Subhash Jadavani [Fri, 30 Mar 2012 06:40:18 +0000 (12:10 +0530)]
mmc: bus: print bus speed mode of UHS-I card
When UHS-I card is detected also print the bus speed mode in which
UHS-I card will be running.
Signed-off-by: Subhash Jadavani <subhashj@codeaurora.org>
Reviewed-by: Namjae Jeon <linkinjeon@gmail.com>
Acked-by: Aaron Lu <aaron.lu@amd.com>
Signed-off-by: Chris Ball <cjb@laptop.org>
Manuel Lauss [Thu, 29 Mar 2012 17:05:04 +0000 (19:05 +0200)]
mmc: sdhci-pci: add quirks for broken MSI on O2Micro controllers
MSI on my O2Micro OZ600 SD card reader is broken. This patch adds a quirk
to disable MSI on these controllers.
Signed-off-by: Manuel Lauss <manuel.lauss@googlemail.com>
Signed-off-by: Chris Ball <cjb@laptop.org>
Simon Horman [Wed, 28 Mar 2012 09:01:11 +0000 (18:01 +0900)]
mmc: sh_mmcif: Simplify calculation of mmc->f_min
There is no need to tune mmc->f_min to a value near 400kHz as the MMC core
begins testing frequencies at 400kHz regardless of the value of mmc->f_min.
As suggested by Guennadi Liakhovetski.
Cc: Magnus Damm <magnus.damm@gmail.com>
Acked-by: Guennadi Liakhovetski <g.liakhovetski@gmx.de>
Tested-by: Cao Minh Hiep <hiepcm@gmail.com>
Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Chris Ball <cjb@laptop.org>
Simon Horman [Wed, 28 Mar 2012 09:01:10 +0000 (18:01 +0900)]
mmc: sh_mmcif: mmc->f_max should be half of the bus clock
mmc->f_max should be half of the bus clock.
And now that mmc->f_max is not equal to the bus clock the
latter should be used directly to calculate mmc->f_min.
Cc: Magnus Damm <magnus.damm@gmail.com>
Tested-by: Cao Minh Hiep <hiepcm@gmail.com>
Acked-by: Guennadi Liakhovetski <g.liakhovetski@gmx.de>
Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Chris Ball <cjb@laptop.org>
Simon Horman [Wed, 28 Mar 2012 09:01:09 +0000 (18:01 +0900)]
mmc: sh_mmcif: double clock speed
Correct an off-by one error when calculating the clock divisor in cases
where the host clock is a power of two of the target clock. Previously the
divisor was one greater than the correct value in these cases leading to
the clock being set at half the desired speed.
Thanks to Guennadi Liakhovetski for working with me on the logic for this
change.
Tested-by: Cao Minh Hiep <hiepcm@gmail.com>
Acked-by: Guennadi Liakhovetski <g.liakhovetski@gmx.de>
Signed-off-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Chris Ball <cjb@laptop.org>
Ulf Hansson [Thu, 22 Mar 2012 10:47:26 +0000 (11:47 +0100)]
mmc: block: Remove use of mmc_blk_set_blksize
According to the specifications for SD and (e)MMC default
blocksize (named BLOCKLEN in Spec.) must always be 512
bytes. Since we hardcoded to always use 512 bytes, we do
not explicitly have to set it. Future improvements should
potentially make it possible to use a greater blocksize
than 512 bytes, but until then let's skip this.
Signed-off-by: Ulf Hansson <ulf.hansson@stericsson.com>
Reviewed-by: Subhash Jadavani <subhashj@codeauora.org>
Signed-off-by: Chris Ball <cjb@laptop.org>
Ludovic Desroches [Wed, 21 Mar 2012 15:41:23 +0000 (16:41 +0100)]
mmc: atmel-mci: add support for odd clock dividers
Add an odd clock divider capability available from v5xx. It also involves
changing the clock divider calculation, and changing the switch-case
statement to use top-down fallthrough.
Signed-off-by: Ludovic Desroches <ludovic.desroches@atmel.com>
Acked-by: Nicolas Ferre <nicolas.ferre@atmel.com>
Signed-off-by: Chris Ball <cjb@laptop.org>
Ludovic Desroches [Wed, 21 Mar 2012 15:41:22 +0000 (16:41 +0100)]
mmc: atmel-mci: r/w proof capability only available since v2xx
Signed-off-by: Ludovic Desroches <ludovic.desroches@atmel.com>
Acked-by: Nicolas Ferre <nicolas.ferre@atmel.com>
Signed-off-by: Chris Ball <cjb@laptop.org>
Ludovic Desroches [Wed, 28 Mar 2012 10:28:33 +0000 (12:28 +0200)]
mmc: atmel-mci: correct data timeout computation
The HSMCI operates at a rate of up to Master Clock divided by two.
Moreover previous calculation can cause overflows and so wrong
timeouts.
Signed-off-by: Ludovic Desroches <ludovic.desroches@atmel.com>
Acked-by: Nicolas Ferre <nicolas.ferre@atmel.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Chris Ball <cjb@laptop.org>
Mark Brown [Sun, 1 Apr 2012 03:31:55 +0000 (23:31 -0400)]
mmc: sdhci-s3c: Enable runtime power management
Since most of the work is already done by the core we just need to add
runtime suspend methods and tell the PM core that runtime PM is enabled
for this device.
Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com>
Acked-by: Jaehoon Chung <jh80.chung@samsung.com>
Signed-off-by: Chris Ball <cjb@laptop.org>
Mark Brown [Sat, 3 Mar 2012 00:46:41 +0000 (00:46 +0000)]
mmc: sdhci-s3c: Use CONFIG_PM_SLEEP to ifdef system suspend
This matches current best practice as one can have runtime PM enabled
without system sleep and CONFIG_PM is defined for both.
Signed-off-by: Mark Brown <broonie@opensource.wolfsonmicro.com>
Acked-by: Jaehoon Chung <jh80.chung@samsung.com>
Signed-off-by: Chris Ball <cjb@laptop.org>
Julia Lawall [Fri, 9 Mar 2012 04:24:53 +0000 (23:24 -0500)]
mmc: sdhci-s3c: use devm_ functions
The various devm_ functions allocate memory that is released when a driver
detaches. This patch uses these functions for data that is allocated in
the probe function of a platform device and is only freed in the remove
function.
By using devm_ioremap, it also removes a potential memory leak, because
there was no call to iounmap in the probe function.
The call to platform_get_resource was moved just to make it closer to the
place where its result it used.
Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr>
Signed-off-by: Chris Ball <cjb@laptop.org>
Olof Johansson [Fri, 6 Apr 2012 00:09:45 +0000 (17:09 -0700)]
Merge tag 'omap-fixes-a2-for-3.4rc' of git://git./linux/kernel/git/pjw/omap-pending into fixes
From Paul Walmsley:
OMAP clock, powerdomain, clockdomain, and hwmod fixes intended for the
early v3.4-rc series. Also contains an HSMMC integration refinement
of an earlier hardware bug workaround.
* tag 'omap-fixes-a2-for-3.4rc' of git://git.kernel.org/pub/scm/linux/kernel/git/pjw/omap-pending:
ARM: OMAP2+: hwmod: Fix wrong SYSC_TYPE1_XXX_MASK bit definitions
ARM: OMAP2+: hwmod: Make omap_hwmod_softreset wait for reset status
ARM: OMAP2+: hwmod: Restore sysc after a reset
ARM: OMAP2+: omap_hwmod: Allow io_ring wakeup configuration for all modules
ARM: OMAP3: clock data: fill in some missing clockdomains
ARM: OMAP4: clock data: Force a DPLL clkdm/pwrdm ON before a relock
ARM: OMAP4: clock data: fix mult and div mask for USB_DPLL
ARM: OMAP2+: powerdomain: Wait for powerdomain transition in pwrdm_state_switch()
ARM: OMAP AM3517/3505: clock data: change EMAC clocks aliases
ARM: OMAP: clock: fix race in disable all clocks
ARM: OMAP4: hwmod data: Add aliases for McBSP fclk clocks
ARM: OMAP3xxx: clock data: fix DPLL4 CLKSEL masks
ARM: OMAP3xxx: HSMMC: avoid erratum workaround when transceiver is attached
ARM: OMAP44xx: clockdomain data: correct the emu_sys_clkdm CLKTRCTRL data
Thomas Abraham [Thu, 16 Feb 2012 13:23:59 +0000 (22:23 +0900)]
mmc: sdhci-s3c: Keep a copy of platform data and use it
The platform data is copied into driver's private data and the copy is
used for all access to the platform data. This simpifies the addition
of device tree support for the sdhci-s3c driver.
Signed-off-by: Thomas Abraham <thomas.abraham@linaro.org>
Signed-off-by: Kukjin Kim <kgene.kim@samsung.com>
Signed-off-by: Chris Ball <cjb@laptop.org>
Thomas Abraham [Sun, 1 Apr 2012 03:29:45 +0000 (23:29 -0400)]
mmc: sdhci-s3c: derive transfer width host cap from max_width in platdata
max_width member in platform data can be used to derive the mmc bus transfer
width that can be supported by the controller.
Signed-off-by: Thomas Abraham <thomas.abraham@linaro.org>
Signed-off-by: Kukjin Kim <kgene.kim@samsung.com>
Signed-off-by: Chris Ball <cjb@laptop.org>
Thomas Abraham [Thu, 16 Feb 2012 13:23:58 +0000 (22:23 +0900)]
mmc: sdhci-s3c: Remove usage of clk_type member in platform data
SDHCI controllers on Exynos4 do not include the sdclk divider as per the
sdhci controller specification. This case can be represented using the
sdhci quirk SDHCI_QUIRK_NONSTANDARD_CLOCK instead of using an additional
enum type definition 'clk_types'.
Hence, usage of clk_type member in platform data is removed and the sdhci
quirk is used. In addition to that, since this qurik is SoC specific,
driver data is introduced to represent controllers on SoC's that require
this quirk.
Cc: Ben Dooks <ben-linux@fluff.org>
Cc: Jeongbae Seo <jeongbae.seo@samsung.com>
Signed-off-by: Thomas Abraham <thomas.abraham@linaro.org>
Signed-off-by: Kukjin Kim <kgene.kim@samsung.com>
Signed-off-by: Chris Ball <cjb@laptop.org>
stephen hemminger [Mon, 2 Apr 2012 12:59:47 +0000 (12:59 +0000)]
MAINTAINERS: update for Marvell Ethernet drivers
Marvell has agreed to do maintenance on the sky2 driver.
* Add the developer to the maintainers file
* Remove the old reference to the long gone (sk98lin) driver
* Rearrange to fit current topic organization
Signed-off-by: Stephen Hemminger <shemminger@vyatta.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Veaceslav Falico [Thu, 5 Apr 2012 03:47:43 +0000 (03:47 +0000)]
bonding: properly unset current_arp_slave on slave link up
When a slave comes up, we're unsetting the current_arp_slave without
removing active flags from it, which can lead to situations where we have
more than one slave with active flags in active-backup mode.
To avoid this situation we must remove the active flags from a slave before
removing it as a current_arp_slave.
Signed-off-by: Veaceslav Falico <vfalico@redhat.com>
Signed-off-by: Jay Vosburgh <fubar@us.ibm.com>
Signed-off-by: Andy Gospodarek <andy@greyhouse.net>
Signed-off-by: Marcelo Ricardo Leitner <mleitner@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Sasha Levin [Thu, 5 Apr 2012 12:07:45 +0000 (12:07 +0000)]
phonet: Check input from user before allocating
A phonet packet is limited to USHRT_MAX bytes, this is never checked during
tx which means that the user can specify any size he wishes, and the kernel
will attempt to allocate that size.
In the good case, it'll lead to the following warning, but it may also cause
the kernel to kick in the OOM and kill a random task on the server.
[ 8921.744094] WARNING: at mm/page_alloc.c:2255 __alloc_pages_slowpath+0x65/0x730()
[ 8921.749770] Pid: 5081, comm: trinity Tainted: G W 3.4.0-rc1-next-
20120402-sasha #46
[ 8921.756672] Call Trace:
[ 8921.758185] [<
ffffffff810b2ba7>] warn_slowpath_common+0x87/0xb0
[ 8921.762868] [<
ffffffff810b2be5>] warn_slowpath_null+0x15/0x20
[ 8921.765399] [<
ffffffff8117eae5>] __alloc_pages_slowpath+0x65/0x730
[ 8921.769226] [<
ffffffff81179c8a>] ? zone_watermark_ok+0x1a/0x20
[ 8921.771686] [<
ffffffff8117d045>] ? get_page_from_freelist+0x625/0x660
[ 8921.773919] [<
ffffffff8117f3a8>] __alloc_pages_nodemask+0x1f8/0x240
[ 8921.776248] [<
ffffffff811c03e0>] kmalloc_large_node+0x70/0xc0
[ 8921.778294] [<
ffffffff811c4bd4>] __kmalloc_node_track_caller+0x34/0x1c0
[ 8921.780847] [<
ffffffff821b0e3c>] ? sock_alloc_send_pskb+0xbc/0x260
[ 8921.783179] [<
ffffffff821b3c65>] __alloc_skb+0x75/0x170
[ 8921.784971] [<
ffffffff821b0e3c>] sock_alloc_send_pskb+0xbc/0x260
[ 8921.787111] [<
ffffffff821b002e>] ? release_sock+0x7e/0x90
[ 8921.788973] [<
ffffffff821b0ff0>] sock_alloc_send_skb+0x10/0x20
[ 8921.791052] [<
ffffffff824cfc20>] pep_sendmsg+0x60/0x380
[ 8921.792931] [<
ffffffff824cb4a6>] ? pn_socket_bind+0x156/0x180
[ 8921.794917] [<
ffffffff824cb50f>] ? pn_socket_autobind+0x3f/0x90
[ 8921.797053] [<
ffffffff824cb63f>] pn_socket_sendmsg+0x4f/0x70
[ 8921.798992] [<
ffffffff821ab8e7>] sock_aio_write+0x187/0x1b0
[ 8921.801395] [<
ffffffff810e325e>] ? sub_preempt_count+0xae/0xf0
[ 8921.803501] [<
ffffffff8111842c>] ? __lock_acquire+0x42c/0x4b0
[ 8921.805505] [<
ffffffff821ab760>] ? __sock_recv_ts_and_drops+0x140/0x140
[ 8921.807860] [<
ffffffff811e07cc>] do_sync_readv_writev+0xbc/0x110
[ 8921.809986] [<
ffffffff811958e7>] ? might_fault+0x97/0xa0
[ 8921.811998] [<
ffffffff817bd99e>] ? security_file_permission+0x1e/0x90
[ 8921.814595] [<
ffffffff811e17e2>] do_readv_writev+0xe2/0x1e0
[ 8921.816702] [<
ffffffff810b8dac>] ? do_setitimer+0x1ac/0x200
[ 8921.818819] [<
ffffffff810e2ec1>] ? get_parent_ip+0x11/0x50
[ 8921.820863] [<
ffffffff810e325e>] ? sub_preempt_count+0xae/0xf0
[ 8921.823318] [<
ffffffff811e1926>] vfs_writev+0x46/0x60
[ 8921.825219] [<
ffffffff811e1a3f>] sys_writev+0x4f/0xb0
[ 8921.827127] [<
ffffffff82658039>] system_call_fastpath+0x16/0x1b
[ 8921.829384] ---[ end trace
dffe390f30db9eb7 ]---
Signed-off-by: Sasha Levin <levinsasha928@gmail.com>
Acked-by: Rémi Denis-Courmont <remi.denis-courmont@nokia.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Eric Dumazet [Thu, 5 Apr 2012 03:05:35 +0000 (03:05 +0000)]
tcp: tcp_sendpages() should call tcp_push() once
commit
2f533844242 (tcp: allow splice() to build full TSO packets) added
a regression for splice() calls using SPLICE_F_MORE.
We need to call tcp_flush() at the end of the last page processed in
tcp_sendpages(), or else transmits can be deferred and future sends
stall.
Add a new internal flag, MSG_SENDPAGE_NOTLAST, acting like MSG_MORE, but
with different semantic.
For all sendpage() providers, its a transparent change. Only
sock_sendpage() and tcp_sendpages() can differentiate the two different
flags provided by pipe_to_sendpage()
Reported-by: Tom Herbert <therbert@google.com>
Cc: Nandita Dukkipati <nanditad@google.com>
Cc: Neal Cardwell <ncardwell@google.com>
Cc: Tom Herbert <therbert@google.com>
Cc: Yuchung Cheng <ycheng@google.com>
Cc: H.K. Jerry Chu <hkchu@google.com>
Cc: Maciej Żenczykowski <maze@google.com>
Cc: Mahesh Bandewar <maheshb@google.com>
Cc: Ilpo Järvinen <ilpo.jarvinen@helsinki.fi>
Signed-off-by: Eric Dumazet <eric.dumazet@gmail>com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Linus Torvalds [Thu, 5 Apr 2012 22:30:34 +0000 (15:30 -0700)]
Merge branch 'akpm' (Andrew's patch-bomb)
Merge batch of fixes from Andrew Morton:
"The simple_open() cleanup was held back while I wanted for laggards to
merge things.
I still need to send a few checkpoint/restore patches. I've been
wobbly about merging them because I'm wobbly about the overall
prospects for success of the project. But after speaking with Pavel
at the LSF conference, it sounds like they're further toward
completion than I feared - apparently davem is at the "has stopped
complaining" stage regarding the net changes. So I need to go back
and re-review those patchs and their (lengthy) discussion."
* emailed from Andrew Morton <akpm@linux-foundation.org>: (16 patches)
memcg swap: use mem_cgroup_uncharge_swap fix
backlight: add driver for DA9052/53 PMIC v1
C6X: use set_current_blocked() and block_sigmask()
MAINTAINERS: add entry for sparse checker
MAINTAINERS: fix REMOTEPROC F: typo
alpha: use set_current_blocked() and block_sigmask()
simple_open: automatically convert to simple_open()
scripts/coccinelle/api/simple_open.cocci: semantic patch for simple_open()
libfs: add simple_open()
hugetlbfs: remove unregister_filesystem() when initializing module
drivers/rtc/rtc-88pm860x.c: fix rtc irq enable callback
fs/xattr.c:setxattr(): improve handling of allocation failures
fs/xattr.c:listxattr(): fall back to vmalloc() if kmalloc() failed
fs/xattr.c: suppress page allocation failure warnings from sys_listxattr()
sysrq: use SEND_SIG_FORCED instead of force_sig()
proc: fix mount -t proc -o AAA
Michal Hocko [Thu, 5 Apr 2012 21:25:16 +0000 (14:25 -0700)]
memcg swap: use mem_cgroup_uncharge_swap fix
Although mem_cgroup_uncharge_swap has an empty placeholder for
!CONFIG_CGROUP_MEM_RES_CTLR_SWAP the definition is placed in the
CONFIG_SWAP ifdef block so we are missing the same definition for
!CONFIG_SWAP which implies !CONFIG_CGROUP_MEM_RES_CTLR_SWAP.
This has not been an issue before, because mem_cgroup_uncharge_swap was
not called from !CONFIG_SWAP context. But Hugh Dickins has a cleanup
patch to call __mem_cgroup_commit_charge_swapin which is defined also
for !CONFIG_SWAP.
Let's move both the empty definition and declaration outside of the
CONFIG_SWAP block to avoid the following compilation error:
mm/memcontrol.c: In function '__mem_cgroup_commit_charge_swapin':
mm/memcontrol.c:2837: error: implicit declaration of function 'mem_cgroup_uncharge_swap'
if CONFIG_SWAP is disabled.
Reported-by: David Rientjes <rientjes@google.com>
Signed-off-by: Michal Hocko <mhocko@suse.cz>
Cc: Hugh Dickins <hughd@google.com>
Cc: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
Cc: Daisuke Nishimura <nishimura@mxp.nes.nec.co.jp>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Ashish Jangam [Thu, 5 Apr 2012 21:25:15 +0000 (14:25 -0700)]
backlight: add driver for DA9052/53 PMIC v1
DA9052/53 PMIC has capability to supply power for upto 3 banks of 6
white serial LEDS. It can also control intensity of independent banks
and to drive these banks boost converter will provide up to 24V and
forward current of max 50mA.
This patch allows to control intensity of the individual WLEDs bank
through DA9052/53 PMIC.
This patch is functionally tested on Samsung SMDKV6410.
Signed-off-by: David Dajun Chen <dchen@diasemi.com>
Signed-off-by: Ashish Jangam <ashish.jangam@kpitcummins.com>
Cc: Richard Purdie <rpurdie@rpsys.net>
Cc: Samuel Ortiz <sameo@linux.intel.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Matt Fleming [Thu, 5 Apr 2012 21:25:14 +0000 (14:25 -0700)]
C6X: use set_current_blocked() and block_sigmask()
As described in
e6fa16ab9c1e ("signal: sigprocmask() should do
retarget_shared_pending()") the modification of current->blocked is
incorrect as we need to check whether the signal we're about to block is
pending in the shared queue.
Also, use the new helper function introduced in commit
5e6292c0f28f
("signal: add block_sigmask() for adding sigmask to current->blocked")
which centralises the code for updating current->blocked after
successfully delivering a signal and reduces the amount of duplicate
code across architectures. In the past some architectures got this code
wrong, so using this helper function should stop that from happening
again.
Acked-by: Mark Salter <msalter@redhat.com>
Cc: Aurelien Jacquiot <a-jacquiot@ti.com>
Acked-by: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Matt Fleming <matt.fleming@intel.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Christopher Li [Thu, 5 Apr 2012 21:25:14 +0000 (14:25 -0700)]
MAINTAINERS: add entry for sparse checker
Signed-off-by: Christopher Li <sparse@chrisli.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Joe Perches [Thu, 5 Apr 2012 21:25:13 +0000 (14:25 -0700)]
MAINTAINERS: fix REMOTEPROC F: typo
remoteproc.txt should have been .h
Signed-off-by: Joe Perches <joe@perches.com>
Cc: Ohad Ben-Cohen <ohad@wizery.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Matt Fleming [Thu, 5 Apr 2012 21:25:12 +0000 (14:25 -0700)]
alpha: use set_current_blocked() and block_sigmask()
As described in
e6fa16ab9c1e ("signal: sigprocmask() should do
retarget_shared_pending()") the modification of current->blocked is
incorrect as we need to check for shared signals we're about to block.
Also, use the new helper function introduced in commit
5e6292c0f28f
("signal: add block_sigmask() for adding sigmask to current->blocked")
which centralises the code for updating current->blocked after
successfully delivering a signal and reduces the amount of duplicate
code across architectures. In the past some architectures got this code
wrong, so using this helper function should stop that from happening
again.
Cc: Richard Henderson <rth@twiddle.net>
Cc: Ivan Kokshaysky <ink@jurassic.park.msu.ru>
Cc: Matt Turner <mattst88@gmail.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Acked-by: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Matt Fleming <matt.fleming@intel.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>