Rusty Russell [Wed, 11 Feb 2015 04:45:12 +0000 (15:15 +1030)]
lguest: add a dummy PCI host bridge.
Otherwise Linux fails to find the bus.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Rusty Russell [Wed, 11 Feb 2015 04:45:11 +0000 (15:15 +1030)]
lguest: fix failure to find linux/virtio_types.h
We want to use the local kernel headers, but -I../../include/uapi leads us into
a world of hurt. Instead we create a dummy include/ dir with symlinks.
If we just use #include "../../include/uapi/linux/virtio_blk.h" we get:
../../include/uapi/linux/virtio_blk.h:31:32: fatal error: linux/virtio_types.h: No such file or directory
#include <linux/virtio_types.h>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Rusty Russell [Wed, 11 Feb 2015 04:45:11 +0000 (15:15 +1030)]
lguest: implement virtio-PCI MMIO accesses.
For each device, We need to include the vendor capabilities to demark
where virtio common, notification and ISR regions are (we put them
all in BAR0).
We need to handle the switching of the virtqueues using the accessors.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Rusty Russell [Wed, 11 Feb 2015 04:45:11 +0000 (15:15 +1030)]
lguest: add PCI config space emulation to example launcher.
This handles ioport 0xCF8 and 0xCFC accesses, which are used to
read/write PCI device config space.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Rusty Russell [Wed, 11 Feb 2015 04:45:11 +0000 (15:15 +1030)]
lguest: decode mmio accesses for PCI in example launcher.
We don't do anything with them yet (emulate_mmio_write and
emulate_mmio_read are stubs), but we decode the instructions and
search for the device they're hitting.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Rusty Russell [Wed, 11 Feb 2015 04:45:11 +0000 (15:15 +1030)]
lguest: add MMIO region allocator in example launcher.
This is where we point our PCI BARs, so that we can intercept MMIO
accesses. We tell the kernel about it so any faults in this area are
directed to us.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Rusty Russell [Wed, 11 Feb 2015 04:45:10 +0000 (15:15 +1030)]
lguest: Override pcibios_enable_irq/pcibios_disable_irq to our stupid PIC
This lets us deliver interrupts for our emulated PCI devices using our
dumb PIC, and not emulate an 8259 and PCI irq mapping tables or whatever.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Rusty Russell [Wed, 11 Feb 2015 04:45:10 +0000 (15:15 +1030)]
lguest: disable ACPI explicitly.
Once we add PCI, it starts trying to manage our interrupts.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Rusty Russell [Wed, 11 Feb 2015 04:45:10 +0000 (15:15 +1030)]
lguest: add iomem region, where guest page faults get sent to userspace.
This lets us implement PCI.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Rusty Russell [Wed, 11 Feb 2015 04:45:10 +0000 (15:15 +1030)]
lguest: don't disable iospace.
This no longer speeds up boot (IDE got better, I guess), but it does stop
us probing for a PCI bus.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Rusty Russell [Wed, 11 Feb 2015 04:45:10 +0000 (15:15 +1030)]
lguest: suppress PS/2 keyboard polling.
While hacking on getting I/O out to the lguest launcher, I noticed
that returning 0xFF for the PS/2 keyboard status made it spin for a
while thinking there was a key pending. Fix this by returning 1
instead of 0xFF.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Rusty Russell [Wed, 11 Feb 2015 04:45:10 +0000 (15:15 +1030)]
lguest: send trap 13 through to userspace.
We copy 7 bytes at eip for userspace's instruction decode; we have to
carefully handle the case where eip is at the end of a page. We can't
leave this to userspace since kernel has all the page table decode
logic.
The decode logic moves to userspace, basically unchanged.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Rusty Russell [Wed, 11 Feb 2015 04:45:09 +0000 (15:15 +1030)]
lguest: add infrastructure to check mappings.
We normally abort the guest unconditionally when it gives us a bad address,
but in the next patch we want to copy some bytes which may not be mapped.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Rusty Russell [Wed, 11 Feb 2015 04:45:09 +0000 (15:15 +1030)]
lguest: add infrastructure for userspace to deliver a trap to the guest.
This is required for instruction emulation to move to userspace.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Rusty Russell [Wed, 11 Feb 2015 04:45:09 +0000 (15:15 +1030)]
lguest: write more information to userspace about pending traps.
This is preparation for userspace handling MMIO and ioport accesses.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Rusty Russell [Wed, 11 Feb 2015 04:45:09 +0000 (15:15 +1030)]
lguest: add operations to get/set a register from the Launcher.
We use the ptrace API struct, and we currently don't let them set
anything but the normal registers (we'd have to filter the others).
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Rusty Russell [Wed, 11 Feb 2015 04:45:09 +0000 (15:15 +1030)]
lguest: have --rng read from /dev/urandom not /dev/random.
Theoretical debates aside, now it boots.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Rusty Russell [Wed, 11 Feb 2015 04:31:14 +0000 (15:01 +1030)]
virtio: don't require a config space on the console device.
Strictly, it's only needed when we have features (size or multiport).
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Rusty Russell [Wed, 11 Feb 2015 04:31:14 +0000 (15:01 +1030)]
virtio_pci: use 16-bit accessor for queue_enable.
Since PCI is little endian, 8-bit access might work, but the spec section
is very clear on this:
4.1.3.1 Driver Requirements: PCI Device Layout
The driver MUST access each field using the “natural” access method,
i.e. 32-bit accesses for 32-bit fields, 16-bit accesses for 16-bit
fields and 8-bit accesses for 8-bit fields.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Rusty Russell [Wed, 11 Feb 2015 04:31:14 +0000 (15:01 +1030)]
virtio: Don't expose legacy config features when VIRTIO_CONFIG_NO_LEGACY defined.
The VIRTIO_F_ANY_LAYOUT and VIRTIO_F_NOTIFY_ON_EMPTY features are pre-1.0
only.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Rusty Russell [Wed, 11 Feb 2015 04:31:14 +0000 (15:01 +1030)]
virtio: Don't expose legacy block features when VIRTIO_BLK_NO_LEGACY defined.
This allows modern implementations to ensure they don't use legacy
feature bits or SCSI commands (which are not used in v1.0 non-legacy).
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Rusty Russell [Wed, 11 Feb 2015 04:31:14 +0000 (15:01 +1030)]
virtio: define VIRTIO_PCI_CAP_PCI_CFG in header.
This provides backdoor access to the device MMIOs, and every device should
have one. From the virtio 1.0 spec (CS03):
4.1.4.7.1 Device Requirements: PCI configuration access capability
The device MUST present at least one VIRTIO_PCI_CAP_PCI_CFG capability.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Tetsuo Handa [Wed, 11 Feb 2015 04:31:13 +0000 (15:01 +1030)]
virtio: Avoid possible kernel panic if DEBUG is enabled.
The virtqueue_add() calls START_USE() upon entry. The virtqueue_kick() is
called if vq->num_added == (1 << 16) - 1 before calling END_USE().
The virtqueue_kick_prepare() called via virtqueue_kick() calls START_USE()
upon entry, and will call panic() if DEBUG is enabled.
Move this virtqueue_kick() call to after END_USE() call.
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Pawel Moll [Fri, 23 Jan 2015 04:15:55 +0000 (14:45 +1030)]
virtio-mmio: Update the device to OASIS spec version
This patch add a support for second version of the virtio-mmio device,
which follows OASIS "Virtual I/O Device (VIRTIO) Version 1.0"
specification.
Main changes:
1. The control register symbolic names use the new device/driver
nomenclature rather than the old guest/host one.
2. The driver detect the device version (version 1 is the pre-OASIS
spec, version 2 is compatible with fist revision of the OASIS spec)
and drives the device accordingly.
3. New version uses direct addressing (64 bit address split into two
low/high register) instead of the guest page size based one,
and addresses each part of the queue (descriptors, available, used)
separately.
4. The device activity is now explicitly triggered by writing to the
"queue ready" register.
5. Whole 64 bit features are properly handled now (both ways).
Signed-off-by: Pawel Moll <pawel.moll@arm.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Michael S. Tsirkin [Tue, 20 Jan 2015 12:30:52 +0000 (14:30 +0200)]
virtio_pci_modern: drop an unused function
release function in modern driver is unused:
it's a left-over from when each driver had
to have its own release.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Michael S. Tsirkin [Thu, 15 Jan 2015 15:54:13 +0000 (17:54 +0200)]
virtio_pci: add module param to force legacy mode
If set, try legacy interface first, modern one if that fails. Useful to
work around device/driver bugs, and for compatibility testing.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Michael S. Tsirkin [Thu, 15 Jan 2015 14:06:26 +0000 (16:06 +0200)]
virtio_pci: add an option to disable legacy driver
Useful for testing device virtio 1 compatibility.
Based on patch by Rusty - couldn't resist putting
that flying car joke in there!
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Michael S. Tsirkin [Thu, 15 Jan 2015 12:16:24 +0000 (14:16 +0200)]
virtio_pci: drop Kconfig warnings
The ABI *is* stable, and has been for a while now.
Drop Kconfig warning saying that it's not guaranteed
to work.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Michael S. Tsirkin [Thu, 15 Jan 2015 12:15:51 +0000 (14:15 +0200)]
virtio_pci: Kconfig grammar fix
This drivers -> this driver.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Michael S. Tsirkin [Thu, 15 Jan 2015 11:50:06 +0000 (13:50 +0200)]
virtio_rng: drop extra empty line
makes code look a bit prettier.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Michael S. Tsirkin [Thu, 15 Jan 2015 11:33:31 +0000 (13:33 +0200)]
virtio_ring: coding style fix
Most of our code has
struct foo {
}
Fix one instances where ring is inconsistent.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Michael S. Tsirkin [Thu, 15 Jan 2015 11:33:31 +0000 (13:33 +0200)]
virtio_blk: coding style fixes
Most of our code has
struct foo {
}
Fix two instances where blk is inconsistent.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Michael S. Tsirkin [Thu, 15 Jan 2015 11:33:31 +0000 (13:33 +0200)]
virtio_balloon: coding style fixes
Most of our code has
struct foo {
}
Fix two instances where balloon is inconsistent.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Michael S. Tsirkin [Tue, 13 Jan 2015 14:34:58 +0000 (16:34 +0200)]
virtio_pci_modern: support devices with no config
Virtio 1.0 spec lists device config as optional.
Set get/set callbacks to NULL. Drivers can check that
and fail gracefully.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Michael S. Tsirkin [Wed, 14 Jan 2015 16:50:55 +0000 (18:50 +0200)]
virtio_pci_modern: reduce number of mappings
We don't know the # of VQs that drivers are going to use so it's hard to
predict how much memory we'll need to map. However, the relevant
capability does give us an upper limit.
If that's below a page, we can reduce the number of required
mappings by mapping it all once ahead of the time.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Rusty Russell [Thu, 30 May 2013 06:59:32 +0000 (16:29 +0930)]
virtio_pci: macros for PCI layout offsets
QEMU wants it, so why not? Trust, but verify.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Michael S. Tsirkin [Thu, 11 Dec 2014 11:59:51 +0000 (13:59 +0200)]
virtio_pci: modern driver
Lightly tested against qemu.
One thing *not* implemented here is separate mappings
for descriptor/avail/used rings. That's nice to have,
will be done later after we have core support.
This also exposes the PCI layout to userspace, and
adds macros for PCI layout offsets:
QEMU wants it, so why not? Trust, but verify.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Rusty Russell [Wed, 29 May 2013 02:22:22 +0000 (11:52 +0930)]
virtio-pci: define layout for virtio 1.0
Based on patches by Michael S. Tsirkin <mst@redhat.com>, but I found it
hard to follow so changed to use structures which are more
self-documenting.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Michael S. Tsirkin [Tue, 13 Jan 2015 09:23:32 +0000 (11:23 +0200)]
virtio_pci: move probe/remove code to common
Most of initialization is device-independent.
Let's move it to common.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Sasha Levin [Fri, 2 Jan 2015 19:47:39 +0000 (14:47 -0500)]
virtio_pci: drop useless del_vqs call
Device VQs were getting freed twice: once in every device's removal
functions, and then again in virtio_pci_legacy_remove(). The ones in
devices are called first, so drop the useless second call.
Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Michael S. Tsirkin [Wed, 29 May 2013 02:22:21 +0000 (11:52 +0930)]
s390: add pci_iomap_range
Virtio drivers should map the part of the range they need, not
necessarily all of it.
To this end, support mapping ranges within BAR on s390.
Since multiple ranges can now be mapped within a BAR, we keep track of
the number of mappings created, and only clear out the mapping for a BAR
when this number reaches 0.
Cc: Bjorn Helgaas <bhelgaas@google.com>
Cc: linux-pci@vger.kernel.org
Tested-by: Sebastian Ott <sebott@linux.vnet.ibm.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Michael S. Tsirkin [Wed, 29 May 2013 02:22:21 +0000 (11:52 +0930)]
pci: add pci_iomap_range
Virtio drivers should map the part of the BAR they need, not necessarily
all of it.
Cc: Bjorn Helgaas <bhelgaas@google.com>
Cc: linux-pci@vger.kernel.org
Acked-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Michael S. Tsirkin [Sun, 14 Dec 2014 12:54:17 +0000 (14:54 +0200)]
mn10300: drop dead code
pci-iomap.c was (apparently, mistakenly) reintroduced as part of
commit
83c2dc15ce824450e7044b9f90cd529c25747ae0
MN10300: Handle cacheable PCI regions in pci_iomap()
probably as side-effect of forward-porting the patch
from an old kernel.
It's not really needed: the generic pci_iomap does the right thing here.
The new file isn't compiled so it's safe to drop.
Cc: Bjorn Helgaas <bhelgaas@google.com>
Cc: linux-pci@vger.kernel.org
Cc: trivial@kernel.org
Cc: David Howells <dhowells@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Michael S. Tsirkin [Mon, 12 Jan 2015 14:23:37 +0000 (16:23 +0200)]
virtio/balloon: verify device has config space
Some devices might not implement config space access
(e.g. remoteproc used not to - before 3.9).
virtio/balloon needs config space access so make it
fail gracefully if not there.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Michael S. Tsirkin [Mon, 12 Jan 2015 14:23:37 +0000 (16:23 +0200)]
virtio/scsi: verify device has config space
Some devices might not implement config space access
(e.g. remoteproc used not to - before 3.9).
virtio/scsi needs config space access so make it
fail gracefully if not there.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Michael S. Tsirkin [Mon, 12 Jan 2015 14:23:37 +0000 (16:23 +0200)]
virtio/net: verify device has config space
Some devices might not implement config space access
(e.g. remoteproc used not to - before 3.9).
virtio/net needs config space access so make it
fail gracefully if not there.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Michael S. Tsirkin [Mon, 12 Jan 2015 14:23:37 +0000 (16:23 +0200)]
virtio/console: verify device has config space
Some devices might not implement config space access
(e.g. remoteproc used not to - before 3.9).
virtio/console needs config space access so make it
fail gracefully if not there.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Michael S. Tsirkin [Mon, 12 Jan 2015 14:23:37 +0000 (16:23 +0200)]
virtio/blk: verify device has config space
Some devices might not implement config space access
(e.g. remoteproc used not to - before 3.9).
virtio/blk needs config space access so make it
fail gracefully if not there.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Michael S. Tsirkin [Mon, 12 Jan 2015 14:23:37 +0000 (16:23 +0200)]
virtio/9p: verify device has config space
Some devices might not implement config space access
(e.g. remoteproc used not to - before 3.9).
virtio/9p needs config space access so make it
fail gracefully if not there.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Michael S. Tsirkin [Sun, 28 Dec 2014 10:35:05 +0000 (12:35 +0200)]
virtio_pci: drop virtio_config dependency
virtio_pci does not depend on virtio_config:
let's not include it, users can pull it in as necessary.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Linus Torvalds [Tue, 20 Jan 2015 19:54:16 +0000 (07:54 +1200)]
Merge branch 'for-3.19-fixes' of git://git./linux/kernel/git/tj/libata
Pull libata fixes from Tejun Heo:
- Bartlomiej will be co-maintaining PATA portion of libata. git
workflow will stay the same.
- sata_sil24 wasn't happy with tag ordered submission. An option to
restore the old tag allocation behavior is implemented for sil24.
- a very old race condition in PIO host state machine which can trigger
BUG fixed.
- other driver-specific changes
* 'for-3.19-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/libata:
libata: prevent HSM state change race between ISR and PIO
libata: allow sata_sil24 to opt-out of tag ordered submission
ata: pata_at91: depend on !ARCH_MULTIPLATFORM
ahci: Remove Device ID for Intel Sunrise Point PCH
ahci: Use dev_info() to inform about the lack of Device Sleep support
libata: Whitelist SSDs that are known to properly return zeroes after TRIM
sata_dwc_460ex: fix resource leak on error path
ata: add MAINTAINERS entry for libata PATA drivers
libata: clean up MAINTAINERS entries
libata: export ata_get_cmd_descript()
ahci_xgene: Fix the DMA state machine lockup for the ATA_CMD_PACKET PIO mode command.
ahci_xgene: Fix the endianess issue in APM X-Gene SoC AHCI SATA controller driver.
Linus Torvalds [Tue, 20 Jan 2015 19:51:46 +0000 (07:51 +1200)]
Merge branch 'for-3.19-fixes' of git://git./linux/kernel/git/tj/wq
Pull workqueue fix from Tejun Heo:
"The xfs folks have been running into weird and very rare lockups for
some time now. I didn't think this could have been from workqueue
side because no one else was reporting it. This time, Eric had a
kdump which we looked into and it turned out this actually was a
workqueue bug and the bug has been there since the beginning of
concurrency managed workqueue.
A worker pool ensures forward progress of the workqueues associated
with it by always having at least one worker reserved from executing
work items. When the pool is under contention, the idle one tries to
create more workers for the pool and if that doesn't succeed quickly
enough, it calls the rescuers to the pool.
This logic had a subtle race condition in an early exit path. When a
worker invokes this manager function, the function may return %false
indicating that the caller may proceed to executing work items either
because another worker is already performing the role or conditions
have changed and the pool is no longer under contention.
The latter part depended on the assumption that whether more workers
are necessary or not remains stable while the pool is locked; however,
pool->nr_running (concurrency count) may change asynchronously and it
getting bumped from zero asynchronously could send off the last idle
worker to execute work items.
The race window is fairly narrow, and, even when it gets triggered,
the pool deadlocks iff if all work items get blocked on pending work
items of the pool, which is highly unlikely but can be triggered by
xfs.
The patch removes the race window by removing the early exit path,
which doesn't server any purpose anymore anyway"
* 'for-3.19-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/wq:
workqueue: fix subtle pool management issue which can stall whole worker_pool
Linus Torvalds [Tue, 20 Jan 2015 09:23:41 +0000 (21:23 +1200)]
Merge tag 'pinctrl-v3.19-3' of git://git./linux/kernel/git/linusw/linux-pinctrl
Pull pin control fixes from Linus Walleij:
"Here is a (hopefully final) slew of pin control fixes for the v3.19
series. The deadlock fix is kind of serious and tagged for stable,
the rest is business as usual.
- Fix two deadlocks around the pin control mutexes, a long-standing
issue that manifest itself in plug/unplug of pin controllers.
(Tagged for stable.)
- Handle an error path with zero functions in the Qualcomm pin
controller.
- Drop a bogus second GPIO chip added in the Lantiq driver.
- Fix sudden IRQ loss on Rockchip pin controllers.
- Register the GIT tree in MAINTAINERS"
* tag 'pinctrl-v3.19-3' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl:
pinctrl: MAINTAINERS: add git tree reference
pinctrl: qcom: Don't iterate past end of function array
pinctrl: lantiq: remove bogus of_gpio_chip_add
pinctrl: Fix two deadlocks
pinctrl: rockchip: Avoid losing interrupts when supporting both edges
Linus Torvalds [Tue, 20 Jan 2015 06:19:31 +0000 (18:19 +1200)]
Merge git://git./linux/kernel/git/davem/net
Pull networking fixes from David Miller:
1) Socket addresses returned in the error queue need to be fully
initialized before being passed on to userspace, fix from Willem de
Bruijn.
2) Interrupt handling fixes to davinci_emac driver from Tony Lindgren.
3) Fix races between receive packet steering and cpu hotplug, from Eric
Dumazet.
4) Allowing netlink sockets to subscribe to unknown multicast groups
leads to crashes, don't allow it. From Johannes Berg.
5) One to many socket races in SCTP fixed by Daniel Borkmann.
6) Put in a guard against the mis-use of ipv6 atomic fragments, from
Hagen Paul Pfeifer.
7) Fix promisc mode and ethtool crashes in sh_eth driver, from Ben
Hutchings.
8) NULL deref and double kfree fix in sxgbe driver from Girish K.S and
Byungho An.
9) cfg80211 deadlock fix from Arik Nemtsov.
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (36 commits)
s2io: use snprintf() as a safety feature
r8152: remove sram_read
r8152: remove generic_ocp_read before writing
bgmac: activate irqs only if there is nothing to poll
bgmac: register napi before the device
sh_eth: Fix ethtool operation crash when net device is down
sh_eth: Fix promiscuous mode on chips without TSU
ipv6: stop sending PTB packets for MTU < 1280
net: sctp: fix race for one-to-many sockets in sendmsg's auto associate
genetlink: synchronize socket closing and family removal
genetlink: disallow subscribing to unknown mcast groups
genetlink: document parallel_ops
net: rps: fix cpu unplug
net: davinci_emac: Add support for emac on dm816x
net: davinci_emac: Fix ioremap for devices with MDIO within the EMAC address space
net: davinci_emac: Fix incomplete code for getting the phy from device tree
net: davinci_emac: Free clock after checking the frequency
net: davinci_emac: Fix runtime pm calls for davinci_emac
net: davinci_emac: Fix hangs with interrupts
ip: zero sockaddr returned on error queue
...
Linus Torvalds [Tue, 20 Jan 2015 06:17:34 +0000 (18:17 +1200)]
Merge git://git./linux/kernel/git/herbert/crypto-2.6
Pull crypto fix from Herbert Xu:
"This fixes a regression that arose from the change to add a crypto
prefix to module names which was done to prevent the loading of
arbitrary modules through the Crypto API.
In particular, a number of modules were missing the crypto prefix
which meant that they could no longer be autoloaded"
* git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6:
crypto: add missing crypto module aliases
Dan Carpenter [Mon, 19 Jan 2015 19:34:51 +0000 (22:34 +0300)]
s2io: use snprintf() as a safety feature
"sp->desc[i]" has 25 characters. "dev->name" has 15 characters. If we
used all 15 characters then the sprintf() would overflow.
I changed the "sprintf(sp->name, "%s Neterion %s"" to snprintf(), as
well, even though it can't overflow just to be consistent.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Mon, 19 Jan 2015 21:16:36 +0000 (16:16 -0500)]
Merge branch 'r8152'
Hayes Wang says:
====================
r8152: couldn't read OCP_SRAM_DATA
Read OCP_SRAM_DATA would read additional bytes and may let
the hw abnormal.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
hayeswang [Mon, 19 Jan 2015 09:02:46 +0000 (17:02 +0800)]
r8152: remove sram_read
Read OCP register 0xa43a~0xa43b would clear some flags which the hw
would use, and it may let the device lost. However, the unit of
reading is 4 bytes. That is, it would read 0xa438~0xa43b when calling
sram_read() to read OCP_SRAM_DATA.
Signed-off-by: Hayes Wang <hayeswang@realtek.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
hayeswang [Mon, 19 Jan 2015 09:02:45 +0000 (17:02 +0800)]
r8152: remove generic_ocp_read before writing
For ocp_write_word() and ocp_write_byte(), there is a generic_ocp_read()
which is used to read the whole 4 byte data, keep the unchanged bytes,
and modify the expected bytes. However, the "byen" could be used to
determine which bytes of the 4 bytes to write, so the action could be
removed.
Signed-off-by: Hayes Wang <hayeswang@realtek.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Mon, 19 Jan 2015 21:00:02 +0000 (16:00 -0500)]
Merge branch 'bgmac'
Hauke Mehrtens says:
====================
bgmac: some fixes to napi usage
I compared the napi documentation with the bgmac driver and found some
problems in that driver. These two patches should fix the problems.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Hauke Mehrtens [Sun, 18 Jan 2015 18:49:59 +0000 (19:49 +0100)]
bgmac: activate irqs only if there is nothing to poll
IRQs should only get activated when there is nothing to poll in the
queue any more and to after every poll.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
Hauke Mehrtens [Sun, 18 Jan 2015 18:49:58 +0000 (19:49 +0100)]
bgmac: register napi before the device
napi should get registered before the netdev and not after.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Mon, 19 Jan 2015 20:37:44 +0000 (15:37 -0500)]
Merge branch 'sh_eth'
Ben Hutchings says:
====================
sh_eth fixes
I'm currently looking at Ethernet support on the R-Car H2 chip,
reviewing and testing the sh_eth driver. Here are fixes for two fairly
obvious bugs in the driver; I will probably have some more later.
These are not tested on any of the other supported chips.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Ben Hutchings [Fri, 16 Jan 2015 17:51:25 +0000 (17:51 +0000)]
sh_eth: Fix ethtool operation crash when net device is down
The driver connects and disconnects the PHY device whenever the
net device is brought up and down. The ethtool get_settings,
set_settings and nway_reset operations will dereference a null
or dangling pointer if called while it is down.
I think it would be preferable to keep the PHY connected, but there
may be good reasons not to.
As an immediate fix for this bug:
- Set the phydev pointer to NULL after disconnecting the PHY
- Change those three operations to return -ENODEV while the PHY is
not connected
Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
Ben Hutchings [Fri, 16 Jan 2015 17:51:12 +0000 (17:51 +0000)]
sh_eth: Fix promiscuous mode on chips without TSU
Currently net_device_ops::set_rx_mode is only implemented for
chips with a TSU (multiple address table). However we do need
to turn the PRM (promiscuous) flag on and off for other chips.
- Remove the unlikely() from the TSU functions that we may safely
call for chips without a TSU
- Make setting of the MCT flag conditional on the tsu capability flag
- Rename sh_eth_set_multicast_list() to sh_eth_set_rx_mode() and plumb
it into both net_device_ops structures
- Remove the previously-unreachable branch in sh_eth_rx_mode() that
would otherwise reset the flags to defaults for non-TSU chips
Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
Hagen Paul Pfeifer [Thu, 15 Jan 2015 21:34:25 +0000 (22:34 +0100)]
ipv6: stop sending PTB packets for MTU < 1280
Reduce the attack vector and stop generating IPv6 Fragment Header for
paths with an MTU smaller than the minimum required IPv6 MTU
size (1280 byte) - called atomic fragments.
See IETF I-D "Deprecating the Generation of IPv6 Atomic Fragments" [1]
for more information and how this "feature" can be misused.
[1] https://tools.ietf.org/html/draft-ietf-6man-deprecate-atomfrag-generation-00
Signed-off-by: Fernando Gont <fgont@si6networks.com>
Signed-off-by: Hagen Paul Pfeifer <hagen@jauu.net>
Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
David Jeffery [Mon, 19 Jan 2015 19:03:25 +0000 (13:03 -0600)]
libata: prevent HSM state change race between ISR and PIO
It is possible for ata_sff_flush_pio_task() to set ap->hsm_task_state to
HSM_ST_IDLE in between the time __ata_sff_port_intr() checks for HSM_ST_IDLE
and before it calls ata_sff_hsm_move() causing ata_sff_hsm_move() to BUG().
This problem is hard to reproduce making this patch hard to verify, but this
fix will prevent the race.
I have not been able to reproduce the problem, but here is a crash dump from
a 2.6.32 kernel.
On examining the ata port's state, its hsm_task_state field has a value of HSM_ST_IDLE:
crash> struct ata_port.hsm_task_state
ffff881c1121c000
hsm_task_state = 0
Normally, this should not be possible as ata_sff_hsm_move() was called from ata_sff_host_intr(),
which checks hsm_task_state and won't call ata_sff_hsm_move() if it has a HSM_ST_IDLE value.
PID: 11053 TASK:
ffff8816e846cae0 CPU: 0 COMMAND: "sshd"
#0 [
ffff88008ba03960] machine_kexec at
ffffffff81038f3b
#1 [
ffff88008ba039c0] crash_kexec at
ffffffff810c5d92
#2 [
ffff88008ba03a90] oops_end at
ffffffff8152b510
#3 [
ffff88008ba03ac0] die at
ffffffff81010e0b
#4 [
ffff88008ba03af0] do_trap at
ffffffff8152ad74
#5 [
ffff88008ba03b50] do_invalid_op at
ffffffff8100cf95
#6 [
ffff88008ba03bf0] invalid_op at
ffffffff8100bf9b
[exception RIP: ata_sff_hsm_move+317]
RIP:
ffffffff813a77ad RSP:
ffff88008ba03ca0 RFLAGS:
00010097
RAX:
0000000000000000 RBX:
ffff881c1121dc60 RCX:
0000000000000000
RDX:
ffff881c1121dd10 RSI:
ffff881c1121dc60 RDI:
ffff881c1121c000
RBP:
ffff88008ba03d00 R8:
0000000000000000 R9:
000000000000002e
R10:
000000000001003f R11:
000000000000009b R12:
ffff881c1121c000
R13:
0000000000000000 R14:
0000000000000050 R15:
ffff881c1121dd78
ORIG_RAX:
ffffffffffffffff CS: 0010 SS: 0018
#7 [
ffff88008ba03d08] ata_sff_host_intr at
ffffffff813a7fbd
#8 [
ffff88008ba03d38] ata_sff_interrupt at
ffffffff813a821e
#9 [
ffff88008ba03d78] handle_IRQ_event at
ffffffff810e6ec0
--- <IRQ stack> ---
[exception RIP: pipe_poll+48]
RIP:
ffffffff81192780 RSP:
ffff880f26d459b8 RFLAGS:
00000246
RAX:
0000000000000000 RBX:
ffff880f26d459c8 RCX:
0000000000000000
RDX:
0000000000000001 RSI:
0000000000000000 RDI:
ffff881a0539fa80
RBP:
ffffffff8100bb8e R8:
ffff8803b23324a0 R9:
0000000000000000
R10:
ffff880f26d45dd0 R11:
0000000000000008 R12:
ffffffff8109b646
R13:
ffff880f26d45948 R14:
0000000000000246 R15:
0000000000000246
ORIG_RAX:
ffffffffffffff10 CS: 0010 SS: 0018
RIP:
00007f26017435c3 RSP:
00007fffe020c420 RFLAGS:
00000206
RAX:
0000000000000017 RBX:
ffffffff8100b072 RCX:
00007fffe020c45c
RDX:
00007f2604a3f120 RSI:
00007f2604a3f140 RDI:
000000000000000d
RBP:
0000000000000000 R8:
00007fffe020e570 R9:
0101010101010101
R10:
0000000000000000 R11:
0000000000000246 R12:
00007fffe020e5f0
R13:
00007fffe020e5f4 R14:
00007f26045f373c R15:
00007fffe020e5e0
ORIG_RAX:
0000000000000017 CS: 0033 SS: 002b
Somewhere between the ata_sff_hsm_move() check and the ata_sff_host_intr() check, the value changed.
On examining the other cpus to see what else was running, another cpu was running the error handler
routines:
PID: 326 TASK:
ffff881c11014aa0 CPU: 1 COMMAND: "scsi_eh_1"
#0 [
ffff88008ba27e90] crash_nmi_callback at
ffffffff8102fee6
#1 [
ffff88008ba27ea0] notifier_call_chain at
ffffffff8152d515
#2 [
ffff88008ba27ee0] atomic_notifier_call_chain at
ffffffff8152d57a
#3 [
ffff88008ba27ef0] notify_die at
ffffffff810a154e
#4 [
ffff88008ba27f20] do_nmi at
ffffffff8152b1db
#5 [
ffff88008ba27f50] nmi at
ffffffff8152aaa0
[exception RIP: _spin_lock_irqsave+47]
RIP:
ffffffff8152a1ff RSP:
ffff881c11a73aa0 RFLAGS:
00000006
RAX:
0000000000000001 RBX:
ffff881c1121deb8 RCX:
0000000000000000
RDX:
0000000000000246 RSI:
0000000000000020 RDI:
ffff881c122612d8
RBP:
ffff881c11a73aa0 R8:
ffff881c17083800 R9:
0000000000000000
R10:
0000000000000000 R11:
0000000000000000 R12:
ffff881c1121c000
R13:
000000000000001f R14:
ffff881c1121dd50 R15:
ffff881c1121dc60
ORIG_RAX:
ffffffffffffffff CS: 0010 SS: 0000
--- <NMI exception stack> ---
#6 [
ffff881c11a73aa0] _spin_lock_irqsave at
ffffffff8152a1ff
#7 [
ffff881c11a73aa8] ata_exec_internal_sg at
ffffffff81396fb5
#8 [
ffff881c11a73b58] ata_exec_internal at
ffffffff81397109
#9 [
ffff881c11a73bd8] atapi_eh_request_sense at
ffffffff813a34eb
Before it tried to acquire a spinlock, ata_exec_internal_sg() called ata_sff_flush_pio_task().
This function will set ap->hsm_task_state to HSM_ST_IDLE, and has no locking around setting this
value. ata_sff_flush_pio_task() can then race with the interrupt handler and potentially set
HSM_ST_IDLE at a fatal moment, which will trigger a kernel BUG.
v2: Fixup comment in ata_sff_flush_pio_task()
tj: Further updated comment. Use ap->lock instead of shost lock and
use the [un]lock_irq variant instead of the irqsave/restore one.
Signed-off-by: David Milburn <dmilburn@redhat.com>
Signed-off-by: Tejun Heo <tj@kernel.org>
Cc: stable@vger.kernel.org
Dan Williams [Fri, 16 Jan 2015 23:13:02 +0000 (15:13 -0800)]
libata: allow sata_sil24 to opt-out of tag ordered submission
Ronny reports: https://bugzilla.kernel.org/show_bug.cgi?id=87101
"Since commit
8a4aeec8d "libata/ahci: accommodate tag ordered
controllers" the access to the harddisk on the first SATA-port is
failing on its first access. The access to the harddisk on the
second port is working normal.
When reverting the above commit, access to both harddisks is working
fine again."
Maintain tag ordered submission as the default, but allow sata_sil24 to
continue with the old behavior.
Cc: <stable@vger.kernel.org>
Cc: Tejun Heo <tj@kernel.org>
Reported-by: Ronny Hegewald <Ronny.Hegewald@online.de>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Signed-off-by: Tejun Heo <tj@kernel.org>
Linus Walleij [Mon, 19 Jan 2015 10:27:19 +0000 (11:27 +0100)]
pinctrl: MAINTAINERS: add git tree reference
Reference my pinctrl GIT tree @kernel.org
Reported-by: Sergei Shtylyov <sergei.shtylyov@cogentembedded.com>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Stephen Boyd [Mon, 19 Jan 2015 10:17:45 +0000 (11:17 +0100)]
pinctrl: qcom: Don't iterate past end of function array
Timur reports that this code crashes if nfunctions is 0. Fix the
loop iteration to only consider valid elements of the functions
array.
Reported-by: Timur Tabi <timur@codeaurora.org>
Cc: Pramod Gurav <pramod.gurav@smartplayin.com>
Cc: Bjorn Andersson <bjorn.andersson@sonymobile.com>
Cc: Ivan T. Ivanov <iivanov@mm-sol.com>
Cc: Andy Gross <agross@codeaurora.org>
Fixes:
327455817a92 "pinctrl: qcom: Add support for reset for apq8064"
Signed-off-by: Stephen Boyd <sboyd@codeaurora.org>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Linus Torvalds [Sun, 18 Jan 2015 17:03:13 +0000 (05:03 +1200)]
Merge tag 'gpio-v3.19-4' of git://git./linux/kernel/git/linusw/linux-gpio
Pull GPIO fixes from Linus Walleij:
"Here is a set of fixes that mainly appeared when Johan Hovold started
exercising the removal path of the GPIO library, dealing with
hotplugging of GPIO controllers. Details from tag:
A slew of fixes dealing with some irritating bugs (non-regressions)
that have been around forever in the GPIO subsystem, most of them also
tagged for stable:
- A large slew of fixes from Johan Hovold who is finally testing and
reviewing the removal path of the GPIO drivers.
- Fix of_get_named_gpiod_flags() so it works as expected.
- Fix an IRQ handling bug in the crystalcove driver"
* tag 'gpio-v3.19-4' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio:
gpiolib: of: Correct error handling in of_get_named_gpiod_flags
gpio: sysfs: fix gpio attribute-creation race
gpio: sysfs: fix gpio device-attribute leak
gpio: sysfs: fix gpio-chip device-attribute leak
gpio: unregister gpiochip device before removing it
gpio: fix sleep-while-atomic in gpiochip_remove
gpio: fix memory leak and sleep-while-atomic
gpio: clean up gpiochip_add error handling
gpio: fix gpio-chip list corruption
gpio: fix memory and reference leaks in gpiochip_add error path
gpio: crystalcove: use handle_nested_irq
Linus Torvalds [Sun, 18 Jan 2015 16:55:23 +0000 (04:55 +1200)]
Merge branch 'for-linus' of git://git./linux/kernel/git/dtor/input
Pull input subsystem fixes from Dmitry Torokhov.
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input:
Input: uinput - fix ioctl nr overflow for UI_GET_SYSNAME/VERSION
Input: I8042 - add Acer Aspire 7738 to the nomux list
Input: elantech - support new ICs types for version 4
Input: i8042 - reset keyboard to fix Elantech touchpad detection
MAINTAINERS: remove Dmitry Torokhov's alternate address
Linus Torvalds [Sun, 18 Jan 2015 06:02:20 +0000 (18:02 +1200)]
Linux 3.19-rc5
Linus Torvalds [Sun, 18 Jan 2015 06:00:40 +0000 (18:00 +1200)]
Merge tag 'armsoc-for-linus' of git://git./linux/kernel/git/arm/arm-soc
Pull ARM SoC fixes from Olof Johansson:
"We've been sitting on our fixes branch for a while, so this batch is
unfortunately on the large side.
A lot of these are tweaks and fixes to device trees, fixing various
bugs around clocks, reg ranges, etc. There's also a few defconfig
updates (which are on the late side, no more of those).
All in all the diffstat is bigger than ideal at this time, but nothing
in here seems particularly risky"
* tag 'armsoc-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc: (31 commits)
reset: sunxi: fix spinlock initialization
ARM: dts: disable CCI on exynos5420 based arndale-octa
drivers: bus: check cci device tree node status
ARM: rockchip: disable jtag/sdmmc autoswitching on rk3288
ARM: nomadik: fix up leftover device tree pins
ARM: at91: board-dt-sama5: add phy_fixup to override NAND_Tree
ARM: at91/dt: sam9263: Add missing clocks to lcdc node
ARM: at91: sama5d3: dt: correct the sound route
ARM: at91/dt: sama5d4: fix the timer reg length
ARM: exynos_defconfig: Enable LM90 driver
ARM: exynos_defconfig: Enable options for display panel support
arm: dts: Use pmu_system_controller phandle for dp phy
ARM: shmobile: sh73a0 legacy: Set .control_parent for all irqpin instances
ARM: dts: berlin: correct BG2Q's SM GPIO location.
ARM: dts: berlin: add broken-cd and set bus width for eMMC in Marvell DMP DT
ARM: dts: berlin: fix io clk and add missing core clk for BG2Q sdhci2 host
ARM: dts: Revert disabling of smc91x for n900
ARM: dts: imx51-babbage: Fix ULPI PHY reset modelling
ARM: dts: dra7-evm: fix qspi device tree partition size
ARM: omap2plus_defconfig: use CONFIG_CPUFREQ_DT
...
Daniel Borkmann [Thu, 15 Jan 2015 15:34:35 +0000 (16:34 +0100)]
net: sctp: fix race for one-to-many sockets in sendmsg's auto associate
I.e. one-to-many sockets in SCTP are not required to explicitly
call into connect(2) or sctp_connectx(2) prior to data exchange.
Instead, they can directly invoke sendmsg(2) and the SCTP stack
will automatically trigger connection establishment through 4WHS
via sctp_primitive_ASSOCIATE(). However, this in its current
implementation is racy: INIT is being sent out immediately (as
it cannot be bundled anyway) and the rest of the DATA chunks are
queued up for later xmit when connection is established, meaning
sendmsg(2) will return successfully. This behaviour can result
in an undesired side-effect that the kernel made the application
think the data has already been transmitted, although none of it
has actually left the machine, worst case even after close(2)'ing
the socket.
Instead, when the association from client side has been shut down
e.g. first gracefully through SCTP_EOF and then close(2), the
client could afterwards still receive the server's INIT_ACK due
to a connection with higher latency. This INIT_ACK is then considered
out of the blue and hence responded with ABORT as there was no
alive assoc found anymore. This can be easily reproduced f.e.
with sctp_test application from lksctp. One way to fix this race
is to wait for the handshake to actually complete.
The fix defers waiting after sctp_primitive_ASSOCIATE() and
sctp_primitive_SEND() succeeded, so that DATA chunks cooked up
from sctp_sendmsg() have already been placed into the output
queue through the side-effect interpreter, and therefore can then
be bundeled together with COOKIE_ECHO control chunks.
strace from example application (shortened):
socket(PF_INET, SOCK_SEQPACKET, IPPROTO_SCTP) = 3
sendmsg(3, {msg_name(28)={sa_family=AF_INET, sin_port=htons(8888), sin_addr=inet_addr("192.168.1.115")},
msg_iov(1)=[{"hello", 5}], msg_controllen=0, msg_flags=0}, 0) = 5
sendmsg(3, {msg_name(28)={sa_family=AF_INET, sin_port=htons(8888), sin_addr=inet_addr("192.168.1.115")},
msg_iov(1)=[{"hello", 5}], msg_controllen=0, msg_flags=0}, 0) = 5
sendmsg(3, {msg_name(28)={sa_family=AF_INET, sin_port=htons(8888), sin_addr=inet_addr("192.168.1.115")},
msg_iov(1)=[{"hello", 5}], msg_controllen=0, msg_flags=0}, 0) = 5
sendmsg(3, {msg_name(28)={sa_family=AF_INET, sin_port=htons(8888), sin_addr=inet_addr("192.168.1.115")},
msg_iov(1)=[{"hello", 5}], msg_controllen=0, msg_flags=0}, 0) = 5
sendmsg(3, {msg_name(28)={sa_family=AF_INET, sin_port=htons(8888), sin_addr=inet_addr("192.168.1.115")},
msg_iov(0)=[], msg_controllen=48, {cmsg_len=48, cmsg_level=0x84 /* SOL_??? */, cmsg_type=, ...},
msg_flags=0}, 0) = 0 // graceful shutdown for SOCK_SEQPACKET via SCTP_EOF
close(3) = 0
tcpdump before patch (fooling the application):
22:33:36.306142 IP 192.168.1.114.41462 > 192.168.1.115.8888: sctp (1) [INIT] [init tag:
3879023686] [rwnd: 106496] [OS: 10] [MIS: 65535] [init TSN:
3139201684]
22:33:36.316619 IP 192.168.1.115.8888 > 192.168.1.114.41462: sctp (1) [INIT ACK] [init tag:
3345394793] [rwnd: 106496] [OS: 10] [MIS: 10] [init TSN:
3380109591]
22:33:36.317600 IP 192.168.1.114.41462 > 192.168.1.115.8888: sctp (1) [ABORT]
tcpdump after patch:
14:28:58.884116 IP 192.168.1.114.35846 > 192.168.1.115.8888: sctp (1) [INIT] [init tag:
438593213] [rwnd: 106496] [OS: 10] [MIS: 65535] [init TSN:
3092969729]
14:28:58.888414 IP 192.168.1.115.8888 > 192.168.1.114.35846: sctp (1) [INIT ACK] [init tag:
381429855] [rwnd: 106496] [OS: 10] [MIS: 10] [init TSN:
2141904492]
14:28:58.888638 IP 192.168.1.114.35846 > 192.168.1.115.8888: sctp (1) [COOKIE ECHO] , (2) [DATA] (B)(E) [TSN:
3092969729] [...]
14:28:58.893278 IP 192.168.1.115.8888 > 192.168.1.114.35846: sctp (1) [COOKIE ACK] , (2) [SACK] [cum ack
3092969729] [a_rwnd 106491] [#gap acks 0] [#dup tsns 0]
14:28:58.893591 IP 192.168.1.114.35846 > 192.168.1.115.8888: sctp (1) [DATA] (B)(E) [TSN:
3092969730] [...]
14:28:59.096963 IP 192.168.1.115.8888 > 192.168.1.114.35846: sctp (1) [SACK] [cum ack
3092969730] [a_rwnd 106496] [#gap acks 0] [#dup tsns 0]
14:28:59.097086 IP 192.168.1.114.35846 > 192.168.1.115.8888: sctp (1) [DATA] (B)(E) [TSN:
3092969731] [...] , (2) [DATA] (B)(E) [TSN:
3092969732] [...]
14:28:59.103218 IP 192.168.1.115.8888 > 192.168.1.114.35846: sctp (1) [SACK] [cum ack
3092969732] [a_rwnd 106486] [#gap acks 0] [#dup tsns 0]
14:28:59.103330 IP 192.168.1.114.35846 > 192.168.1.115.8888: sctp (1) [SHUTDOWN]
14:28:59.107793 IP 192.168.1.115.8888 > 192.168.1.114.35846: sctp (1) [SHUTDOWN ACK]
14:28:59.107890 IP 192.168.1.114.35846 > 192.168.1.115.8888: sctp (1) [SHUTDOWN COMPLETE]
Looks like this bug is from the pre-git history museum. ;)
Fixes:
08707d5482df ("lksctp-2_5_31-0_5_1.patch")
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Acked-by: Vlad Yasevich <vyasevich@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Linus Torvalds [Sun, 18 Jan 2015 03:29:11 +0000 (15:29 +1200)]
Merge tag 'clk-fixes-for-linus' of git://git.linaro.org/people/mike.turquette/linux
Pull clock driver fixes from Mike Turquette:
"Small number of fixes for clock drivers and a single null pointer
dereference fix in the framework core code.
The driver fixes vary from fixing section mismatch warnings to
preventing machines from hanging (and preventing developers from
crying)"
* tag 'clk-fixes-for-linus' of git://git.linaro.org/people/mike.turquette/linux:
clk: fix possible null pointer dereference
Revert "clk: ppc-corenet: Fix Section mismatch warning"
clk: rockchip: fix deadlock possibility in cpuclk
clk: berlin: bg2q: remove non-exist "smemc" gate clock
clk: at91: keep slow clk enabled to prevent system hang
clk: rockchip: fix rk3288 cpuclk core dividers
clk: rockchip: fix rk3066 pll lock bit location
clk: rockchip: Fix clock gate for rk3188 hclk_emem_peri
clk: rockchip: add CLK_IGNORE_UNUSED flag to fix rk3066/rk3188 USB Host
Linus Torvalds [Sun, 18 Jan 2015 03:26:52 +0000 (15:26 +1200)]
Merge tag 'scsi-fixes' of git://git./linux/kernel/git/jejb/scsi
Pull SCSI fixes from James Bottomley:
"This is one fix for a Multiqueue sleeping in invalid context problem
and a MAINTAINER file update for Qlogic"
* tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
scsi: ->queue_rq can't sleep
MAINTAINERS: Update maintainer list for qla4xxx
Stanimir Varbanov [Mon, 5 Jan 2015 16:04:23 +0000 (18:04 +0200)]
clk: fix possible null pointer dereference
The commit
646cafc6 (clk: Change clk_ops->determine_rate to
return a clk_hw as the best parent) opens a possibility for
null pointer dereference, fix this.
Signed-off-by: Stanimir Varbanov <svarbanov@mm-sol.com>
Reviewed-by: Stephen Boyd <sboyd@codeaurora.org>
Signed-off-by: Michael Turquette <mturquette@linaro.org>
Kevin Hao [Wed, 3 Dec 2014 08:53:51 +0000 (16:53 +0800)]
Revert "clk: ppc-corenet: Fix Section mismatch warning"
This reverts commit
da788acb28386aa896224e784954bb73c99ff26c.
That commit tried to fix the section mismatch warning by moving the
ppc_corenet_clk_driver struct to init section. This is definitely wrong
because the kernel would free the memories occupied by this struct
after boot while this driver is still registered in the driver core.
The kernel would panic when accessing this driver struct.
Cc: stable@vger.kernel.org # 3.17
Signed-off-by: Kevin Hao <haokexin@gmail.com>
Acked-by: Scott Wood <scottwood@freescale.com>
Signed-off-by: Michael Turquette <mturquette@linaro.org>
Heiko Stübner [Fri, 16 Jan 2015 16:52:44 +0000 (17:52 +0100)]
clk: rockchip: fix deadlock possibility in cpuclk
Lockdep reported a possible deadlock between the cpuclk lock and for example
the i2c driver.
CPU0 CPU1
---- ----
lock(clk_lock);
local_irq_disable();
lock(&(&i2c->lock)->rlock);
lock(clk_lock);
<Interrupt>
lock(&(&i2c->lock)->rlock);
*** DEADLOCK ***
The generic clock-types of the core ccf already use spin_lock_irqsave when
touching clock registers, so do the same for the cpuclk.
Signed-off-by: Heiko Stuebner <heiko@sntech.de>
Reviewed-by: Doug Anderson <dianders@chromium.org>
Signed-off-by: Michael Turquette <mturquette@linaro.org>
[mturquette@linaro.org: removed initialization of "flags"]
Linus Torvalds [Sat, 17 Jan 2015 18:26:24 +0000 (06:26 +1200)]
Merge branch 'fixes' of git://git.infradead.org/users/vkoul/slave-dma
Pull dmaengine fixes from Vinod Koul:
"Two patches, the first by Andy to fix dw dmac runtime pm and second
one by me to fix the dmaengine headers in MAINTAINERS"
* 'fixes' of git://git.infradead.org/users/vkoul/slave-dma:
dmaengine: dw: balance PM runtime calls
MAINTAINERS: dmaengine: fix the header file for dmaengine
Linus Torvalds [Sat, 17 Jan 2015 18:24:30 +0000 (06:24 +1200)]
Merge branch 'perf-urgent-for-linus' of git://git./linux/kernel/git/tip/tip
Pull perf fixes from Ingo Molnar:
"Mostly tooling fixes, but also two PMU driver fixes"
* 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
perf tools powerpc: Use dwfl_report_elf() instead of offline.
perf tools: Fix segfault for symbol annotation on TUI
perf test: Fix dwarf unwind using libunwind.
perf tools: Avoid build splat for syscall numbers with uclibc
perf tools: Elide strlcpy warning with uclibc
perf tools: Fix statfs.f_type data type mismatch build error with uclibc
tools: Remove bitops/hweight usage of bits in tools/perf
perf machine: Fix __machine__findnew_thread() error path
perf tools: Fix building error in x86_64 when dwarf unwind is on
perf probe: Propagate error code when write(2) failed
perf/x86/intel: Fix bug for "cycles:p" and "cycles:pp" on SLM
perf/rapl: Fix sysfs_show() initialization for RAPL PMU
Ingo Molnar [Sat, 17 Jan 2015 10:04:35 +0000 (11:04 +0100)]
Merge tag 'perf-urgent-for-mingo' of git://git./linux/kernel/git/acme/linux into perf/urgent
Pull perf/urgent fixes from Arnaldo Carvalho de Melo:
- Fix segfault when using both the map symtab viewer and annotation
in the TUI (Namhyung Kim).
- uClibc build fixes (Alexey Brodkin, Vineet Gupta).
- bitops/hweight were moved from tools/perf/ too tools/include, move
some leftovers (Arnaldo Carvalho de Melo)
- Fix dwarf unwind x86_64 build error (Namhyung Kim)
- Fix __machine__findnew_thread() error path (Namhyung Kim)
- Propagate error code when write(2) failed in 'perf probe' (Namhyung Kim)
- Use dwfl_report_elf() instead of offline in powerpc bits to
properly handle non prelinked DSOs (Sukadev Bhattiprolu).
- Fix dwarf unwind using libunwind in 'perf test' (Wang Nan)
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Olof Johansson [Thu, 15 Jan 2015 23:45:18 +0000 (15:45 -0800)]
Merge tag 'samsung-fixes-3.19' of git://git./linux/kernel/git/kgene/linux-samsung into fixes
Merge "Samsung fixes for v3.19" from Kukjin Kim:
Samsung fixes for v3.19
- exynos_defconfig: enable LM90 driver and display panel support
- HWMON
- SENSORS_LM90
- Direct Rendering Manager (DRM)
- DRM bridge registration and lookup framework
- Parade ps8622/ps8625 eDP/LVDS bridge
- NXP ptn3460 eDP/LVDS bridge
- Exynos Fully Interactive Mobile Display controller (FIMD)
- Panel registration and lookup framework
- Simple panels
- Backlight & LCD device support
- use pmu_system_controller phandle for dp phy
: DP PHY requires pmu_system_controller to handle PMU reg. now
* tag 'samsung-fixes-3.19' of git://git.kernel.org/pub/scm/linux/kernel/git/kgene/linux-samsung:
ARM: exynos_defconfig: Enable LM90 driver
ARM: exynos_defconfig: Enable options for display panel support
arm: dts: Use pmu_system_controller phandle for dp phy
Signed-off-by: Olof Johansson <olof@lixom.net>
Tyler Baker [Mon, 12 Jan 2015 15:54:46 +0000 (07:54 -0800)]
reset: sunxi: fix spinlock initialization
Call spin_lock_init() before the spinlocks are used, both in early init
and probe functions preventing a lockdep splat.
I have been observing lockdep complaining [1] during boot on my a80 optimus [2]
when CONFIG_PROVE_LOCKING has been enabled. This patch resolves the splat,
and has been tested on a few other sunxi platforms without issue.
[1] http://storage.kernelci.org/next/next-
20150107/arm-multi_v7_defconfig+CONFIG_PROVE_LOCKING=y/lab-tbaker/boot-sun9i-a80-optimus.html
[2] http://kernelci.org/boot/?a80-optimus
Signed-off-by: Tyler Baker <tyler.baker@linaro.org>
Cc: <stable@vger.kernel.org>
Acked-by: Philipp Zabel <p.zabel@pengutronix.de>
Signed-off-by: Kevin Hilman <khilman@linaro.org>
Signed-off-by: Olof Johansson <olof@lixom.net>
Olof Johansson [Tue, 13 Jan 2015 23:32:43 +0000 (15:32 -0800)]
Merge tag 'renesas-soc-fixes-for-v3.19' of git://git./linux/kernel/git/horms/renesas into fixes
Merge "Renesas ARM Based SoC Fixes for v3.19" from Simon Horman:
Renesas ARM Based SoC Fixes for v3.19
This pull request is based on the last round of SoC updates for v3.19,
Fourth Round of Renesas ARM Based SoC Updates for v3.19, tagged as
renesas-soc3-for-v3.19, merged into your next/soc branch and included in
v3.19-rc1.
- ARM: shmobile: r8a7740: Instantiate GIC from C board code in legacy builds
Set .control_parent for all irqpin instances for sh73a0 SoC when booting
using legacy C.
- ARM: shmobile: r8a7740: Instantiate GIC from C board code in legacy builds
This fixes a long standing problem which has been present since
the sh73a0 SoC started using the INTC External IRQ pin driver.
The patch that introduced the problem is
341eb5465f67437a ("ARM:
shmobile: INTC External IRQ pin driver on sh73a0") which was included
in v3.10.
* tag 'renesas-soc-fixes-for-v3.19' of git://git.kernel.org/pub/scm/linux/kernel/git/horms/renesas:
ARM: shmobile: sh73a0 legacy: Set .control_parent for all irqpin instances
ARM: shmobile: r8a7740: Instantiate GIC from C board code in legacy builds
Abhilash Kesavan [Sat, 10 Jan 2015 03:11:36 +0000 (08:41 +0530)]
ARM: dts: disable CCI on exynos5420 based arndale-octa
The arndale-octa board was giving "imprecise external aborts" during
boot-up with MCPM enabled. CCI enablement of the boot cluster was found
to be the cause of these aborts (possibly because the secure f/w was not
allowing it). Hence, disable CCI for the arndale-octa board.
Signed-off-by: Abhilash Kesavan <a.kesavan@samsung.com>
Tested-by: Krzysztof Kozlowski <k.kozlowski@samsung.com>
Tested-by: Kevin Hilman <khilman@linaro.org>
Tested-by: Tyler Baker <tyler.baker@linaro.org>
Signed-off-by: Olof Johansson <olof@lixom.net>
Abhilash Kesavan [Sat, 10 Jan 2015 03:11:35 +0000 (08:41 +0530)]
drivers: bus: check cci device tree node status
The arm-cci driver completes the probe sequence even if the cci node is
marked as disabled. Add a check in the driver to honour the cci status
in the device tree.
Signed-off-by: Abhilash Kesavan <a.kesavan@samsung.com>
Acked-by: Sudeep Holla <sudeep.holla@arm.com>
Acked-by: Nicolas Pitre <nico@linaro.org>
Tested-by: Sudeep Holla <sudeep.holla@arm.com>
Tested-by: Kevin Hilman <khilman@linaro.org>
Signed-off-by: Olof Johansson <olof@lixom.net>
Olof Johansson [Mon, 12 Jan 2015 22:11:58 +0000 (14:11 -0800)]
Merge tag 'at91-fixes' of git://git./linux/kernel/git/nferre/linux-at91 into fixes
Merge "at91: fixes for 3.19 #1 (ter)" from Nicolas Ferre:
First fixes batch for AT91 on 3.19:
- fix some DT entries
- correct clock entry for the at91sam9263 LCD
- add a phy_fixup for Eth1 on sama5d4
* tag 'at91-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/nferre/linux-at91:
ARM: at91: board-dt-sama5: add phy_fixup to override NAND_Tree
ARM: at91/dt: sam9263: Add missing clocks to lcdc node
ARM: at91: sama5d3: dt: correct the sound route
ARM: at91/dt: sama5d4: fix the timer reg length
Signed-off-by: Olof Johansson <olof@lixom.net>
Heiko Stübner [Sun, 11 Jan 2015 22:09:23 +0000 (23:09 +0100)]
ARM: rockchip: disable jtag/sdmmc autoswitching on rk3288
rk3288 SoCs have a function to automatically switch between jtag/sdmmc pinmux
settings depending on the card state. This collides with a lot of assumptions.
It only works when using the internal card-detect mechanism and breaks
horribly when using either the normal card-detect via the slot-gpio function
or via any other pin. Also there is of course no link between the mmc and jtag
on the software-side, so the jtag clocks may very well be disabled when the
card is ejected and the soc switches back to the jtag pinmux.
Leaving the switching function enabled did result in mmc timeouts and rcu
stalls thus hanging the system on 3.19-rc1. Therefore disable it in all cases,
as we expect the devicetree to explicitly select either mmc or jtag pinmuxes
anyway.
Signed-off-by: Heiko Stuebner <heiko@sntech.de>
Signed-off-by: Olof Johansson <olof@lixom.net>
Olof Johansson [Sun, 11 Jan 2015 21:07:05 +0000 (13:07 -0800)]
Merge tag 'berlin-fixes-for-3.19-1' of git://git.infradead.org/users/hesselba/linux-berlin into fixes
Merge "ARM: berlin: Fixes for v3.19 (round 1)" from Sebastian Hesselbarth:
Marvell Berlin fixes for v3.19 round 1:
- SDHCI DT fixes for BG2Q and BG2Q reference board
- BG2Q SM GPIO DT node relocation
* tag 'berlin-fixes-for-3.19-1' of git://git.infradead.org/users/hesselba/linux-berlin:
ARM: dts: berlin: correct BG2Q's SM GPIO location.
ARM: dts: berlin: add broken-cd and set bus width for eMMC in Marvell DMP DT
ARM: dts: berlin: fix io clk and add missing core clk for BG2Q sdhci2 host
Signed-off-by: Olof Johansson <olof@lixom.net>
Linus Walleij [Fri, 9 Jan 2015 19:11:20 +0000 (20:11 +0100)]
ARM: nomadik: fix up leftover device tree pins
We altered the device tree bindings for the Nomadik family of
pin controllers to be standard, this file was merged out-of-order
so we missed fixing this. Fix it up.
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Olof Johansson <olof@lixom.net>
Olof Johansson [Thu, 8 Jan 2015 22:43:00 +0000 (14:43 -0800)]
Merge tag 'omap-for-v3.19/fixes-rc1' of git://git./linux/kernel/git/tmlind/linux-omap into fixes
Merge "omap fixes against v3.19-rc1" from Tony Lindgren:
Fixes for omaps mostly to deal with dra7 timer issues
and hypervisor mode. The other fixes are minor fixes for
various boards. The summary of the fixes is:
- Fix real-time counter rate typos for some frequencies
- Fix counter frequency drift for am572x
- Fix booting of secondary CPU in HYP mode
- Fix n900 board name for legacy user space
- Fix cpufreq in omap2plus_defconfig after Kconfig change
- Fix dra7 qspi partitions
And also, let's re-enable smc91x on some n900 boards that
we have sitting in a few test boot systems after the boot
loader dependencies got fixed.
* tag 'omap-for-v3.19/fixes-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap:
ARM: dts: Revert disabling of smc91x for n900
ARM: dts: dra7-evm: fix qspi device tree partition size
ARM: omap2plus_defconfig: use CONFIG_CPUFREQ_DT
ARM: OMAP2+: Fix n900 board name for legacy user space
ARM: omap5/dra7xx: Enable booting secondary CPU in HYP mode
ARM: dra7xx: Fix counter frequency drift for AM572x errata i856
ARM: omap5/dra7xx: Fix frequency typos
Signed-off-by: Olof Johansson <olof@lixom.net>
Olof Johansson [Thu, 8 Jan 2015 22:42:11 +0000 (14:42 -0800)]
Merge tag 'imx-fixes-3.19' of git://git./linux/kernel/git/shawnguo/linux into fixes
Merge "ARM: imx: fixes for 3.19" from Shawn Guo:
The i.MX fixes for 3.19:
- One fix for incorrect i.MX25 SPI1 clock assignment in device tree,
which causes system hang when accessing SPI1.
- Correct i.MX6SX QSPI parent clock configuration to fix a kernel Oops.
- Fix ULPI PHY reset modelling on imx51-babbage board to remove the
dependency on bootloader for USB3317 ULPI PHY reset.
- Correct video divider setting on i.MX6Q rev T0 1.0 to fix the issue
that HDMI is not working at high resolution on T0 1.0.
- One incremental fix for CODA960 VPU enabling in device tree to
correct interrupt order.
- LS1021A SCFG block works in BE mode, add device tree property
big-endian to make it right.
* tag 'imx-fixes-3.19' of git://git.kernel.org/pub/scm/linux/kernel/git/shawnguo/linux:
ARM: dts: imx51-babbage: Fix ULPI PHY reset modelling
ARM: imx6sx: Set PLL2 as parent of QSPI clocks
ARM: dts: imx25: Fix the SPI1 clocks
ARM: clk-imx6q: fix video divider for rev T0 1.0
ARM: dts: imx6qdl: Fix CODA960 interrupt order
ARM: ls1021a: dtsi: add 'big-endian' property for scfg node
Signed-off-by: Olof Johansson <olof@lixom.net>
Olof Johansson [Thu, 8 Jan 2015 22:38:36 +0000 (14:38 -0800)]
Merge tag 'v3.19-rockchip-dtsfixes1' of git://git./linux/kernel/git/mmind/linux-rockchip into fixes
Merge "ARM: rockchip: dts fix for 3.19" from Heiko Stübner:
Increase drive-strength to sdmmc pins on rk3288-evb to fix
an issue with the fixed highspeed card detection.
* tag 'v3.19-rockchip-dtsfixes1' of git://git.kernel.org/pub/scm/linux/kernel/git/mmind/linux-rockchip:
ARM: dts: rockchip: bump sd card pin drive strength up on rk3288-evb
Signed-off-by: Olof Johansson <olof@lixom.net>
Johannes Berg [Fri, 16 Jan 2015 10:37:14 +0000 (11:37 +0100)]
genetlink: synchronize socket closing and family removal
In addition to the problem Jeff Layton reported, I looked at the code
and reproduced the same warning by subscribing and removing the genl
family with a socket still open. This is a fairly tricky race which
originates in the fact that generic netlink allows the family to go
away while sockets are still open - unlike regular netlink which has
a module refcount for every open socket so in general this cannot be
triggered.
Trying to resolve this issue by the obvious locking isn't possible as
it will result in deadlocks between unregistration and group unbind
notification (which incidentally lockdep doesn't find due to the home
grown locking in the netlink table.)
To really resolve this, introduce a "closing socket" reference counter
(for generic netlink only, as it's the only affected family) in the
core netlink code and use that in generic netlink to wait for all the
sockets that are being closed at the same time as a generic netlink
family is removed.
This fixes the race that when a socket is closed, it will should call
the unbind, but if the family is removed at the same time the unbind
will not find it, leading to the warning. The real problem though is
that in this case the unbind could actually find a new family that is
registered to have a multicast group with the same ID, and call its
mcast_unbind() leading to confusing.
Also remove the warning since it would still trigger, but is now no
longer a problem.
This also moves the code in af_netlink.c to before unreferencing the
module to avoid having the same problem in the normal non-genl case.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Johannes Berg [Fri, 16 Jan 2015 10:37:13 +0000 (11:37 +0100)]
genetlink: disallow subscribing to unknown mcast groups
Jeff Layton reported that he could trigger the multicast unbind warning
in generic netlink using trinity. I originally thought it was a race
condition between unregistering the generic netlink family and closing
the socket, but there's a far simpler explanation: genetlink currently
allows subscribing to groups that don't (yet) exist, and the warning is
triggered when unsubscribing again while the group still doesn't exist.
Originally, I had a warning in the subscribe case and accepted it out of
userspace API concerns, but the warning was of course wrong and removed
later.
However, I now think that allowing userspace to subscribe to groups that
don't exist is wrong and could possibly become a security problem:
Consider a (new) genetlink family implementing a permission check in
the mcast_bind() function similar to the like the audit code does today;
it would be possible to bypass the permission check by guessing the ID
and subscribing to the group it exists. This is only possible in case a
family like that would be dynamically loaded, but it doesn't seem like a
huge stretch, for example wireless may be loaded when you plug in a USB
device.
To avoid this reject such subscription attempts.
If this ends up causing userspace issues we may need to add a workaround
in af_netlink to deny such requests but not return an error.
Reported-by: Jeff Layton <jeff.layton@primarydata.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Johannes Berg [Fri, 16 Jan 2015 10:37:12 +0000 (11:37 +0100)]
genetlink: document parallel_ops
The kernel-doc for the parallel_ops family struct member is
missing, add it.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Louis Langholtz [Fri, 16 Jan 2015 05:04:46 +0000 (22:04 -0700)]
kernel: avoid overflow in cmp_range
Avoid overflow possibility.
[ The overflow is purely theoretical, since this is used for memory
ranges that aren't even close to using the full 64 bits, but this is
the right thing to do regardless. - Linus ]
Signed-off-by: Louis Langholtz <lou_langholtz@me.com>
Cc: Yinghai Lu <yinghai@kernel.org>
Cc: Peter Anvin <hpa@linux.intel.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Sukadev Bhattiprolu [Sat, 22 Nov 2014 01:33:53 +0000 (20:33 -0500)]
perf tools powerpc: Use dwfl_report_elf() instead of offline.
dwfl_report_offline() works only when libraries are prelinked.
Replace dwfl_report_offline() with dwfl_report_elf() so we correctly
extract debug info even from libraries that are not prelinked.
Reported-by: Jiri Olsa <jolsa@redhat.com>
Signed-off-by: Sukadev Bhattiprolu <sukadev@linux.vnet.ibm.com>
Tested-by: Jiri Olsa <jolsa@redhat.com>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: Michael Ellerman <mpe@ellerman.id.au>
Link: http://lkml.kernel.org/r/20150114221045.GA17703@us.ibm.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>