]> git.karo-electronics.de Git - linux-beck.git/log
linux-beck.git
10 years agoMerge tag 'keys-next-20140725' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowe...
James Morris [Sat, 26 Jul 2014 00:38:59 +0000 (10:38 +1000)]
Merge tag 'keys-next-20140725' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs into next

10 years agoPKCS#7: Missing inclusion of linux/err.h
David Howells [Fri, 25 Jul 2014 10:33:53 +0000 (11:33 +0100)]
PKCS#7: Missing inclusion of linux/err.h

crypto/asymmetric_keys/pkcs7_key_type.c needs to #include linux/err.h rather
than relying on getting it through other headers.

Without this, the powerpc allyesconfig build fails.

Reported-by: Stephen Rothwell <sfr@canb.auug.org.au>
Signed-off-by: David Howells <dhowells@redhat.com>
10 years agoCAPABILITIES: remove undefined caps from all processes
Eric Paris [Wed, 23 Jul 2014 19:36:26 +0000 (15:36 -0400)]
CAPABILITIES: remove undefined caps from all processes

This is effectively a revert of 7b9a7ec565505699f503b4fcf61500dceb36e744
plus fixing it a different way...

We found, when trying to run an application from an application which
had dropped privs that the kernel does security checks on undefined
capability bits.  This was ESPECIALLY difficult to debug as those
undefined bits are hidden from /proc/$PID/status.

Consider a root application which drops all capabilities from ALL 4
capability sets.  We assume, since the application is going to set
eff/perm/inh from an array that it will clear not only the defined caps
less than CAP_LAST_CAP, but also the higher 28ish bits which are
undefined future capabilities.

The BSET gets cleared differently.  Instead it is cleared one bit at a
time.  The problem here is that in security/commoncap.c::cap_task_prctl()
we actually check the validity of a capability being read.  So any task
which attempts to 'read all things set in bset' followed by 'unset all
things set in bset' will not even attempt to unset the undefined bits
higher than CAP_LAST_CAP.

So the 'parent' will look something like:
CapInh: 0000000000000000
CapPrm: 0000000000000000
CapEff: 0000000000000000
CapBnd: ffffffc000000000

All of this 'should' be fine.  Given that these are undefined bits that
aren't supposed to have anything to do with permissions.  But they do...

So lets now consider a task which cleared the eff/perm/inh completely
and cleared all of the valid caps in the bset (but not the invalid caps
it couldn't read out of the kernel).  We know that this is exactly what
the libcap-ng library does and what the go capabilities library does.
They both leave you in that above situation if you try to clear all of
you capapabilities from all 4 sets.  If that root task calls execve()
the child task will pick up all caps not blocked by the bset.  The bset
however does not block bits higher than CAP_LAST_CAP.  So now the child
task has bits in eff which are not in the parent.  These are
'meaningless' undefined bits, but still bits which the parent doesn't
have.

The problem is now in cred_cap_issubset() (or any operation which does a
subset test) as the child, while a subset for valid cap bits, is not a
subset for invalid cap bits!  So now we set durring commit creds that
the child is not dumpable.  Given it is 'more priv' than its parent.  It
also means the parent cannot ptrace the child and other stupidity.

The solution here:
1) stop hiding capability bits in status
This makes debugging easier!

2) stop giving any task undefined capability bits.  it's simple, it you
don't put those invalid bits in CAP_FULL_SET you won't get them in init
and you won't get them in any other task either.
This fixes the cap_issubset() tests and resulting fallout (which
made the init task in a docker container untraceable among other
things)

3) mask out undefined bits when sys_capset() is called as it might use
~0, ~0 to denote 'all capabilities' for backward/forward compatibility.
This lets 'capsh --caps="all=eip" -- -c /bin/bash' run.

4) mask out undefined bit when we read a file capability off of disk as
again likely all bits are set in the xattr for forward/backward
compatibility.
This lets 'setcap all+pe /bin/bash; /bin/bash' run

Signed-off-by: Eric Paris <eparis@redhat.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Cc: Andrew Vagin <avagin@openvz.org>
Cc: Andrew G. Morgan <morgan@kernel.org>
Cc: Serge E. Hallyn <serge.hallyn@canonical.com>
Cc: Kees Cook <keescook@chromium.org>
Cc: Steve Grubb <sgrubb@redhat.com>
Cc: Dan Walsh <dwalsh@redhat.com>
Cc: stable@vger.kernel.org
Signed-off-by: James Morris <james.l.morris@oracle.com>
10 years agoMerge tag 'keys-next-20140722' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowe...
James Morris [Thu, 24 Jul 2014 11:36:19 +0000 (21:36 +1000)]
Merge tag 'keys-next-20140722' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs into next

10 years agocommoncap: don't alloc the credential unless needed in cap_task_prctl
Tetsuo Handa [Tue, 22 Jul 2014 12:20:01 +0000 (21:20 +0900)]
commoncap: don't alloc the credential unless needed in cap_task_prctl

In function cap_task_prctl(), we would allocate a credential
unconditionally and then check if we support the requested function.
If not we would release this credential with abort_creds() by using
RCU method. But on some archs such as powerpc, the sys_prctl is heavily
used to get/set the floating point exception mode. So the unnecessary
allocating/releasing of credential not only introduce runtime overhead
but also do cause OOM due to the RCU implementation.

This patch removes abort_creds() from cap_task_prctl() by calling
prepare_creds() only when we need to modify it.

Reported-by: Kevin Hao <haokexin@gmail.com>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Reviewed-by: Paul Moore <paul@paul-moore.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: James Morris <james.l.morris@oracle.com>
10 years agoMerge branch 'keys-fixes' into keys-next
David Howells [Tue, 22 Jul 2014 20:55:45 +0000 (21:55 +0100)]
Merge branch 'keys-fixes' into keys-next

Signed-off-by: David Howells <dhowells@redhat.com>
10 years agoMerge remote-tracking branch 'integrity/next-with-keys' into keys-next
David Howells [Tue, 22 Jul 2014 20:54:43 +0000 (21:54 +0100)]
Merge remote-tracking branch 'integrity/next-with-keys' into keys-next

Signed-off-by: David Howells <dhowells@redhat.com>
10 years agoMerge tag 'keys-pefile-20140709' into keys-next
David Howells [Tue, 22 Jul 2014 20:54:05 +0000 (21:54 +0100)]
Merge tag 'keys-pefile-20140709' into keys-next

Here's a set of changes that implement a PE file signature checker.

This provides the following facility:

 (1) Extract the signature from the PE file.  This is a PKCS#7 message
     containing, as its data, a hash of the signed parts of the file.

 (2) Digest the signed parts of the file.

 (3) Compare the digest with the one from the PKCS#7 message.

 (4) Validate the signatures on the PKCS#7 message and indicate
     whether it was matched by a trusted key.

Signed-off-by: David Howells <dhowells@redhat.com>
10 years agoMerge tag 'keys-pkcs7-20140708' into keys-next
David Howells [Tue, 22 Jul 2014 20:52:33 +0000 (21:52 +0100)]
Merge tag 'keys-pkcs7-20140708' into keys-next

Here's a set of changes that implement a PKCS#7 message parser in the kernel.

The PKCS#7 message parsing will then be used to limit kexec to authenticated
kernels only if so configured.

The changes provide the following facilities:

 (1) Parse an ASN.1 PKCS#7 message and pick out useful bits such as the data
     content and the X.509 certificates used to sign it and all the data
     signatures.

 (2) Verify all the data signatures against the set of X.509 certificates
     available in the message.

 (3) Follow the certificate chains and verify that:

     (a) for every self-signed X.509 certificate, check that it validly signed
       itself, and:

     (b) for every non-self-signed certificate, if we have a 'parent'
       certificate, the former is validly signed by the latter.

 (4) Look for intersections between the certificate chains and the trusted
     keyring, if any intersections are found, verify that the trusted
     certificates signed the intersection point in the chain.

 (5) For testing purposes, a key type can be made available that will take a
     PKCS#7 message, check that the message is trustworthy, and if so, add its
     data content into the key.

Note that (5) has to be altered to take account of the preparsing patches
already committed to this branch.

Signed-off-by: David Howells <dhowells@redhat.com>
10 years agoMerge tag 'keys-preparse-1-20140722' into keys-next
David Howells [Tue, 22 Jul 2014 20:51:20 +0000 (21:51 +0100)]
Merge tag 'keys-preparse-1-20140722' into keys-next

Here are a set of changes that make all but encrypted and trusted keys use
preparsing.  Unfortunately, encrypted and trusted keys incorrectly use the
update op to alter a key, so other changes will need to be made for them.

These changes permit payload parsing when instantiating or updating a key to be
done before locks are taken and to determine the amount of quota that will be
required in advance.  The latter will make it possible to do LRU discard before
any locks are taken.

Signed-off-by: David Howells <dhowells@redhat.com>
10 years agoKEYS: request_key_auth: Provide key preparsing
David Howells [Fri, 18 Jul 2014 17:56:36 +0000 (18:56 +0100)]
KEYS: request_key_auth: Provide key preparsing

Provide key preparsing for the request_key_auth key type so that we can make
preparsing mandatory.  This does nothing as this type can only be set up
internally to the kernel.

Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Steve Dickson <steved@redhat.com>
Acked-by: Jeff Layton <jlayton@primarydata.com>
10 years agoKEYS: keyring: Provide key preparsing
David Howells [Fri, 18 Jul 2014 17:56:36 +0000 (18:56 +0100)]
KEYS: keyring: Provide key preparsing

Provide key preparsing in the keyring so that we can make preparsing
mandatory.  For keyrings, however, only an empty payload is permitted.

Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Steve Dickson <steved@redhat.com>
Acked-by: Jeff Layton <jlayton@primarydata.com>
10 years agoKEYS: big_key: Use key preparsing
David Howells [Fri, 18 Jul 2014 17:56:36 +0000 (18:56 +0100)]
KEYS: big_key: Use key preparsing

Make use of key preparsing in the big key type so that quota size determination
can take place prior to keyring locking when a key is being added.

Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Steve Dickson <steved@redhat.com>
10 years agoKEYS: RxRPC: Use key preparsing
David Howells [Fri, 18 Jul 2014 17:56:36 +0000 (18:56 +0100)]
KEYS: RxRPC: Use key preparsing

Make use of key preparsing in the RxRPC protocol so that quota size
determination can take place prior to keyring locking when a key is being
added.

Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Steve Dickson <steved@redhat.com>
10 years agoKEYS: DNS: Use key preparsing
David Howells [Fri, 18 Jul 2014 17:56:36 +0000 (18:56 +0100)]
KEYS: DNS: Use key preparsing

Make use of key preparsing in the DNS resolver so that quota size determination
can take place prior to keyring locking when a key is being added.

Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Steve Dickson <steved@redhat.com>
Acked-by: Jeff Layton <jlayton@primarydata.com>
10 years agoKEYS: Ceph: Use user_match()
David Howells [Fri, 18 Jul 2014 17:56:35 +0000 (18:56 +0100)]
KEYS: Ceph: Use user_match()

Ceph can use user_match() instead of defining its own identical function.

Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Steve Dickson <steved@redhat.com>
Reviewed-by: Sage Weil <sage@redhat.com>
cc: Tommi Virtanen <tommi.virtanen@dreamhost.com>

10 years agoKEYS: Ceph: Use key preparsing
David Howells [Fri, 18 Jul 2014 17:56:35 +0000 (18:56 +0100)]
KEYS: Ceph: Use key preparsing

Make use of key preparsing in Ceph so that quota size determination can take
place prior to keyring locking when a key is being added.

Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Steve Dickson <steved@redhat.com>
Reviewed-by: Sage Weil <sage@redhat.com>
cc: Tommi Virtanen <tommi.virtanen@dreamhost.com>

10 years agoKEYS: user: Use key preparsing
David Howells [Fri, 18 Jul 2014 17:56:35 +0000 (18:56 +0100)]
KEYS: user: Use key preparsing

Make use of key preparsing in user-defined and logon keys so that quota size
determination can take place prior to keyring locking when a key is being
added.

Also the idmapper key types need to change to match as they use the
user-defined key type routines.

Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Steve Dickson <steved@redhat.com>
Acked-by: Jeff Layton <jlayton@primarydata.com>
10 years agoKEYS: Call ->free_preparse() even after ->preparse() returns an error
David Howells [Fri, 18 Jul 2014 17:56:34 +0000 (18:56 +0100)]
KEYS: Call ->free_preparse() even after ->preparse() returns an error

Call the ->free_preparse() key type op even after ->preparse() returns an
error as it does cleaning up type stuff.

Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Steve Dickson <steved@redhat.com>
Acked-by: Jeff Layton <jlayton@primarydata.com>
Reviewed-by: Sage Weil <sage@redhat.com>
10 years agoKEYS: Allow expiry time to be set when preparsing a key
David Howells [Fri, 18 Jul 2014 17:56:34 +0000 (18:56 +0100)]
KEYS: Allow expiry time to be set when preparsing a key

Allow a key type's preparsing routine to set the expiry time for a key.

Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Steve Dickson <steved@redhat.com>
Acked-by: Jeff Layton <jlayton@primarydata.com>
Reviewed-by: Sage Weil <sage@redhat.com>
10 years agoKEYS: struct key_preparsed_payload should have two payload pointers
David Howells [Fri, 18 Jul 2014 17:56:34 +0000 (18:56 +0100)]
KEYS: struct key_preparsed_payload should have two payload pointers

struct key_preparsed_payload should have two payload pointers to correspond
with those in struct key.

Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Steve Dickson <steved@redhat.com>
Acked-by: Jeff Layton <jlayton@primarydata.com>
Reviewed-by: Sage Weil <sage@redhat.com>
10 years agoMerge tag 'seccomp-3.17' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux...
James Morris [Sat, 19 Jul 2014 07:40:49 +0000 (17:40 +1000)]
Merge tag 'seccomp-3.17' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux into next

10 years agoMerge branch 'next' of git://git.infradead.org/users/pcmoore/selinux into next
James Morris [Sat, 19 Jul 2014 07:39:19 +0000 (17:39 +1000)]
Merge branch 'next' of git://git.infradead.org/users/pcmoore/selinux into next

10 years agoseccomp: implement SECCOMP_FILTER_FLAG_TSYNC
Kees Cook [Thu, 5 Jun 2014 07:23:17 +0000 (00:23 -0700)]
seccomp: implement SECCOMP_FILTER_FLAG_TSYNC

Applying restrictive seccomp filter programs to large or diverse
codebases often requires handling threads which may be started early in
the process lifetime (e.g., by code that is linked in). While it is
possible to apply permissive programs prior to process start up, it is
difficult to further restrict the kernel ABI to those threads after that
point.

This change adds a new seccomp syscall flag to SECCOMP_SET_MODE_FILTER for
synchronizing thread group seccomp filters at filter installation time.

When calling seccomp(SECCOMP_SET_MODE_FILTER, SECCOMP_FILTER_FLAG_TSYNC,
filter) an attempt will be made to synchronize all threads in current's
threadgroup to its new seccomp filter program. This is possible iff all
threads are using a filter that is an ancestor to the filter current is
attempting to synchronize to. NULL filters (where the task is running as
SECCOMP_MODE_NONE) are also treated as ancestors allowing threads to be
transitioned into SECCOMP_MODE_FILTER. If prctrl(PR_SET_NO_NEW_PRIVS,
...) has been set on the calling thread, no_new_privs will be set for
all synchronized threads too. On success, 0 is returned. On failure,
the pid of one of the failing threads will be returned and no filters
will have been applied.

The race conditions against another thread are:
- requesting TSYNC (already handled by sighand lock)
- performing a clone (already handled by sighand lock)
- changing its filter (already handled by sighand lock)
- calling exec (handled by cred_guard_mutex)
The clone case is assisted by the fact that new threads will have their
seccomp state duplicated from their parent before appearing on the tasklist.

Holding cred_guard_mutex means that seccomp filters cannot be assigned
while in the middle of another thread's exec (potentially bypassing
no_new_privs or similar). The call to de_thread() may kill threads waiting
for the mutex.

Changes across threads to the filter pointer includes a barrier.

Based on patches by Will Drewry.

Suggested-by: Julien Tinnes <jln@chromium.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Oleg Nesterov <oleg@redhat.com>
Reviewed-by: Andy Lutomirski <luto@amacapital.net>
10 years agoseccomp: allow mode setting across threads
Kees Cook [Fri, 27 Jun 2014 22:01:35 +0000 (15:01 -0700)]
seccomp: allow mode setting across threads

This changes the mode setting helper to allow threads to change the
seccomp mode from another thread. We must maintain barriers to keep
TIF_SECCOMP synchronized with the rest of the seccomp state.

Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Oleg Nesterov <oleg@redhat.com>
Reviewed-by: Andy Lutomirski <luto@amacapital.net>
10 years agoseccomp: introduce writer locking
Kees Cook [Fri, 27 Jun 2014 22:18:48 +0000 (15:18 -0700)]
seccomp: introduce writer locking

Normally, task_struct.seccomp.filter is only ever read or modified by
the task that owns it (current). This property aids in fast access
during system call filtering as read access is lockless.

Updating the pointer from another task, however, opens up race
conditions. To allow cross-thread filter pointer updates, writes to the
seccomp fields are now protected by the sighand spinlock (which is shared
by all threads in the thread group). Read access remains lockless because
pointer updates themselves are atomic.  However, writes (or cloning)
often entail additional checking (like maximum instruction counts)
which require locking to perform safely.

In the case of cloning threads, the child is invisible to the system
until it enters the task list. To make sure a child can't be cloned from
a thread and left in a prior state, seccomp duplication is additionally
moved under the sighand lock. Then parent and child are certain have
the same seccomp state when they exit the lock.

Based on patches by Will Drewry and David Drysdale.

Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Oleg Nesterov <oleg@redhat.com>
Reviewed-by: Andy Lutomirski <luto@amacapital.net>
10 years agoseccomp: split filter prep from check and apply
Kees Cook [Fri, 27 Jun 2014 22:16:33 +0000 (15:16 -0700)]
seccomp: split filter prep from check and apply

In preparation for adding seccomp locking, move filter creation away
from where it is checked and applied. This will allow for locking where
no memory allocation is happening. The validation, filter attachment,
and seccomp mode setting can all happen under the future locks.

For extreme defensiveness, I've added a BUG_ON check for the calculated
size of the buffer allocation in case BPF_MAXINSN ever changes, which
shouldn't ever happen. The compiler should actually optimize out this
check since the test above it makes it impossible.

Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Oleg Nesterov <oleg@redhat.com>
Reviewed-by: Andy Lutomirski <luto@amacapital.net>
10 years agosched: move no_new_privs into new atomic flags
Kees Cook [Wed, 21 May 2014 22:23:46 +0000 (15:23 -0700)]
sched: move no_new_privs into new atomic flags

Since seccomp transitions between threads requires updates to the
no_new_privs flag to be atomic, the flag must be part of an atomic flag
set. This moves the nnp flag into a separate task field, and introduces
accessors.

Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Oleg Nesterov <oleg@redhat.com>
Reviewed-by: Andy Lutomirski <luto@amacapital.net>
10 years agoMIPS: add seccomp syscall
Kees Cook [Tue, 10 Jun 2014 22:45:09 +0000 (15:45 -0700)]
MIPS: add seccomp syscall

Wires up the new seccomp syscall.

Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Oleg Nesterov <oleg@redhat.com>
10 years agoARM: add seccomp syscall
Kees Cook [Tue, 10 Jun 2014 22:40:23 +0000 (15:40 -0700)]
ARM: add seccomp syscall

Wires up the new seccomp syscall.

Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Oleg Nesterov <oleg@redhat.com>
10 years agoseccomp: add "seccomp" syscall
Kees Cook [Wed, 25 Jun 2014 23:08:24 +0000 (16:08 -0700)]
seccomp: add "seccomp" syscall

This adds the new "seccomp" syscall with both an "operation" and "flags"
parameter for future expansion. The third argument is a pointer value,
used with the SECCOMP_SET_MODE_FILTER operation. Currently, flags must
be 0. This is functionally equivalent to prctl(PR_SET_SECCOMP, ...).

In addition to the TSYNC flag later in this patch series, there is a
non-zero chance that this syscall could be used for configuring a fixed
argument area for seccomp-tracer-aware processes to pass syscall arguments
in the future. Hence, the use of "seccomp" not simply "seccomp_add_filter"
for this syscall. Additionally, this syscall uses operation, flags,
and user pointer for arguments because strictly passing arguments via
a user pointer would mean seccomp itself would be unable to trivially
filter the seccomp syscall itself.

Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Oleg Nesterov <oleg@redhat.com>
Reviewed-by: Andy Lutomirski <luto@amacapital.net>
10 years agoseccomp: split mode setting routines
Kees Cook [Wed, 25 Jun 2014 22:55:25 +0000 (15:55 -0700)]
seccomp: split mode setting routines

Separates the two mode setting paths to make things more readable with
fewer #ifdefs within function bodies.

Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Oleg Nesterov <oleg@redhat.com>
Reviewed-by: Andy Lutomirski <luto@amacapital.net>
10 years agoseccomp: extract check/assign mode helpers
Kees Cook [Wed, 25 Jun 2014 22:38:02 +0000 (15:38 -0700)]
seccomp: extract check/assign mode helpers

To support splitting mode 1 from mode 2, extract the mode checking and
assignment logic into common functions.

Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Oleg Nesterov <oleg@redhat.com>
Reviewed-by: Andy Lutomirski <luto@amacapital.net>
10 years agoseccomp: create internal mode-setting function
Kees Cook [Wed, 21 May 2014 22:02:11 +0000 (15:02 -0700)]
seccomp: create internal mode-setting function

In preparation for having other callers of the seccomp mode setting
logic, split the prctl entry point away from the core logic that performs
seccomp mode setting.

Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Oleg Nesterov <oleg@redhat.com>
Reviewed-by: Andy Lutomirski <luto@amacapital.net>
10 years agoMAINTAINERS: create seccomp entry
Kees Cook [Fri, 18 Jul 2014 18:28:33 +0000 (11:28 -0700)]
MAINTAINERS: create seccomp entry

Add myself as seccomp maintainer.

Suggested-by: James Morris <jmorris@namei.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
10 years agoKEYS: Provide a generic instantiation function
David Howells [Fri, 18 Jul 2014 17:56:34 +0000 (18:56 +0100)]
KEYS: Provide a generic instantiation function

Provide a generic instantiation function for key types that use the preparse
hook.  This makes it easier to prereserve key quota before keyrings get locked
to retain the new key.

Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Steve Dickson <steved@redhat.com>
Acked-by: Jeff Layton <jlayton@primarydata.com>
Reviewed-by: Sage Weil <sage@redhat.com>
10 years agodigsig: make crypto builtin if digsig selected as builtin
Dmitry Kasatkin [Fri, 11 Jul 2014 15:59:45 +0000 (18:59 +0300)]
digsig: make crypto builtin if digsig selected as builtin

When SIGNATURE=y but depends on CRYPTO=m, it selects MPILIB as module
producing build break. This patch makes digsig to select crypto for
correcting dependency.

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: David Howells <dhowells@redhat.com>
10 years agoRSA: Don't select non-existent symbol
Jean Delvare [Thu, 17 Jul 2014 19:45:41 +0000 (20:45 +0100)]
RSA: Don't select non-existent symbol

You can select MPILIB_EXTRA all you want, it doesn't exist ;-)

Surprised kconfig doesn't complain about that...

Signed-off-by: Jean Delvare <jdelvare@suse.de>
Acked-by: Marek Vasut <marex@denx.de>
Signed-off-by: David Howells <dhowells@redhat.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: "David S. Miller" <davem@davemloft.net>
10 years agoKEYS: Allow special keys (eg. DNS results) to be invalidated by CAP_SYS_ADMIN
David Howells [Thu, 17 Jul 2014 19:45:08 +0000 (20:45 +0100)]
KEYS: Allow special keys (eg. DNS results) to be invalidated by CAP_SYS_ADMIN

Special kernel keys, such as those used to hold DNS results for AFS, CIFS and
NFS and those used to hold idmapper results for NFS, used to be
'invalidateable' with key_revoke().  However, since the default permissions for
keys were reduced:

Commit: 96b5c8fea6c0861621051290d705ec2e971963f1
KEYS: Reduce initial permissions on keys

it has become impossible to do this.

Add a key flag (KEY_FLAG_ROOT_CAN_INVAL) that will permit a key to be
invalidated by root.  This should not be used for system keyrings as the
garbage collector will try and remove any invalidate key.  For system keyrings,
KEY_FLAG_ROOT_CAN_CLEAR can be used instead.

After this, from userspace, keyctl_invalidate() and "keyctl invalidate" can be
used by any possessor of CAP_SYS_ADMIN (typically root) to invalidate DNS and
idmapper keys.  Invalidated keys are immediately garbage collected and will be
immediately rerequested if needed again.

Signed-off-by: David Howells <dhowells@redhat.com>
Tested-by: Steve Dickson <steved@redhat.com>
10 years agoima: define '.ima' as a builtin 'trusted' keyring
Mimi Zohar [Tue, 13 Aug 2013 12:47:43 +0000 (08:47 -0400)]
ima: define '.ima' as a builtin 'trusted' keyring

Require all keys added to the IMA keyring be signed by an
existing trusted key on the system trusted keyring.

Changelog v6:
- remove ifdef CONFIG_IMA_TRUSTED_KEYRING in C code - Dmitry
- update Kconfig dependency and help
- select KEYS_DEBUG_PROC_KEYS - Dmitry

Changelog v5:
- Move integrity_init_keyring() to init_ima() - Dmitry
- reset keyring[id] on failure - Dmitry

Changelog v1:
- don't link IMA trusted keyring to user keyring

Changelog:
- define stub integrity_init_keyring() function (reported-by Fengguang Wu)
- differentiate between regular and trusted keyring names.
- replace printk with pr_info (D. Kasatkin)
- only make the IMA keyring a trusted keyring (reported-by D. Kastatkin)
- define stub integrity_init_keyring() definition based on
  CONFIG_INTEGRITY_SIGNATURE, not CONFIG_INTEGRITY_ASYMMETRIC_KEYS.
  (reported-by Jim Davis)

Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Acked-by: David Howells <dhowells@redhat.com>
10 years agoKEYS: validate certificate trust only with builtin keys
Dmitry Kasatkin [Tue, 17 Jun 2014 08:56:59 +0000 (11:56 +0300)]
KEYS: validate certificate trust only with builtin keys

Instead of allowing public keys, with certificates signed by any
key on the system trusted keyring, to be added to a trusted keyring,
this patch further restricts the certificates to those signed only by
builtin keys on the system keyring.

This patch defines a new option 'builtin' for the kernel parameter
'keys_ownerid' to allow trust validation using builtin keys.

Simplified Mimi's "KEYS: define an owner trusted keyring" patch

Changelog v7:
- rename builtin_keys to use_builtin_keys

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
10 years agoKEYS: validate certificate trust only with selected key
Dmitry Kasatkin [Tue, 17 Jun 2014 08:56:58 +0000 (11:56 +0300)]
KEYS: validate certificate trust only with selected key

Instead of allowing public keys, with certificates signed by any
key on the system trusted keyring, to be added to a trusted keyring,
this patch further restricts the certificates to those signed by a
particular key on the system keyring.

This patch defines a new kernel parameter 'ca_keys' to identify the
specific key which must be used for trust validation of certificates.

Simplified Mimi's "KEYS: define an owner trusted keyring" patch.

Changelog:
- support for builtin x509 public keys only
- export "asymmetric_keyid_match"
- remove ifndefs MODULE
- rename kernel boot parameter from keys_ownerid to ca_keys

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
10 years agoKEYS: make partial key id matching as a dedicated function
Dmitry Kasatkin [Tue, 17 Jun 2014 08:56:57 +0000 (11:56 +0300)]
KEYS: make partial key id matching as a dedicated function

To avoid code duplication this patch refactors asymmetric_key_match(),
making partial ID string match a separate function.

This patch also implicitly fixes a bug in the code.  asymmetric_key_match()
allows to match the key by its subtype. But subtype matching could be
undone if asymmetric_key_id(key) would return NULL. This patch first
checks for matching spec and then for its value.

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
10 years agoKEYS: verify a certificate is signed by a 'trusted' key
Mimi Zohar [Tue, 20 Aug 2013 18:36:27 +0000 (14:36 -0400)]
KEYS: verify a certificate is signed by a 'trusted' key

Only public keys, with certificates signed by an existing
'trusted' key on the system trusted keyring, should be added
to a trusted keyring.  This patch adds support for verifying
a certificate's signature.

This is derived from David Howells pkcs7_request_asymmetric_key() patch.

Changelog v6:
- on error free key - Dmitry
- validate trust only for not already trusted keys - Dmitry
- formatting cleanup

Changelog:
- define get_system_trusted_keyring() to fix kbuild issues

Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Dmitry Kasatkin <dmitry.kasatkin@gmail.com>
10 years agoKEYS: special dot prefixed keyring name bug fix
Mimi Zohar [Thu, 22 May 2014 18:02:23 +0000 (14:02 -0400)]
KEYS: special dot prefixed keyring name bug fix

Dot prefixed keyring names are supposed to be reserved for the
kernel, but add_key() calls key_get_type_from_user(), which
incorrectly verifies the 'type' field, not the 'description' field.
This patch verifies the 'description' field isn't dot prefixed,
when creating a new keyring, and removes the dot prefix test in
key_get_type_from_user().

Changelog v6:
- whitespace and other cleanup

Changelog v5:
- Only prevent userspace from creating a dot prefixed keyring, not
  regular keys  - Dmitry

Reported-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Acked-by: David Howells <dhowells@redhat.com>
10 years agoima: provide double buffering for hash calculation
Dmitry Kasatkin [Tue, 6 May 2014 11:54:27 +0000 (14:54 +0300)]
ima: provide double buffering for hash calculation

The asynchronous hash API allows initiating a hash calculation and
then performing other tasks, while waiting for the hash calculation
to complete.

This patch introduces usage of double buffering for simultaneous
hashing and reading of the next chunk of data from storage.

Changes in v3:
- better comments

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
10 years agoima: introduce multi-page collect buffers
Dmitry Kasatkin [Tue, 6 May 2014 11:47:13 +0000 (14:47 +0300)]
ima: introduce multi-page collect buffers

Use of multiple-page collect buffers reduces:
1) the number of block IO requests
2) the number of asynchronous hash update requests

Second is important for HW accelerated hashing, because significant
amount of time is spent for preparation of hash update operation,
which includes configuring acceleration HW, DMA engine, etc...
Thus, HW accelerators are more efficient when working on large
chunks of data.

This patch introduces usage of multi-page collect buffers. Buffer size
can be specified using 'ahash_bufsize' module parameter. Default buffer
size is 4096 bytes.

Changes in v3:
- kernel parameter replaced with module parameter

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
10 years agoima: use ahash API for file hash calculation
Dmitry Kasatkin [Wed, 26 Feb 2014 15:05:20 +0000 (17:05 +0200)]
ima: use ahash API for file hash calculation

Async hash API allows the use of HW acceleration for hash calculation.
It may give significant performance gain and/or reduce power consumption,
which might be very beneficial for battery powered devices.

This patch introduces hash calculation using ahash API. ahash performance
depends on the data size and the particular HW. Depending on the specific
system, shash performance may be better.

This patch defines 'ahash_minsize' module parameter, which is used to
define the minimal file size to use with ahash.  If this minimum file size
is not set or the file is smaller than defined by the parameter, shash will
be used.

Changes in v3:
- kernel parameter replaced with module parameter
- pr_crit replaced with pr_crit_ratelimited
- more comment changes - Mimi

Changes in v2:
- ima_ahash_size became as ima_ahash
- ahash pre-allocation moved out from __init code to be able to use
  ahash crypto modules. Ahash allocated once on the first use.
- hash calculation falls back to shash if ahash allocation/calculation fails
- complex initialization separated from variable declaration
- improved comments

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
10 years agoaudit: fix dangling keywords in integrity ima message output
Richard Guy Briggs [Mon, 16 Jun 2014 19:52:07 +0000 (15:52 -0400)]
audit: fix dangling keywords in integrity ima message output

Replace spaces in op keyword labels in log output since userspace audit tools
can't parse orphaned keywords.

Reported-by: Steve Grubb <sgrubb@redhat.com>
Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
10 years agoima: delay template descriptor lookup until use
Dmitry Kasatkin [Fri, 13 Jun 2014 15:55:48 +0000 (18:55 +0300)]
ima: delay template descriptor lookup until use

process_measurement() always calls ima_template_desc_current(),
including when an IMA policy has not been defined.

This patch delays template descriptor lookup until action is
determined.

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
10 years agoima: remove unnecessary i_mutex locking from ima_rdwr_violation_check()
Dmitry Kasatkin [Fri, 13 Jun 2014 15:55:47 +0000 (18:55 +0300)]
ima: remove unnecessary i_mutex locking from ima_rdwr_violation_check()

Before 2.6.39 inode->i_readcount was maintained by IMA. It was not atomic
and protected using spinlock. For 2.6.39, i_readcount was converted to
atomic and maintaining was moved VFS layer. Spinlock for some unclear
reason was replaced by i_mutex.

After analyzing the code, we came to conclusion that i_mutex locking is
unnecessary, especially when an IMA policy has not been defined.

This patch removes i_mutex locking from ima_rdwr_violation_check().

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
10 years agoMerge branch 'stable-3.16' of git://git.infradead.org/users/pcmoore/selinux into...
James Morris [Wed, 16 Jul 2014 17:05:51 +0000 (03:05 +1000)]
Merge branch 'stable-3.16' of git://git.infradead.org/users/pcmoore/selinux into next

10 years agoSync with the changes pushed by Serge in the last merge window.
James Morris [Wed, 16 Jul 2014 16:10:27 +0000 (02:10 +1000)]
Sync with the changes pushed by Serge in the last merge window.

10 years agoLinux 3.16-rc5
Linus Torvalds [Sun, 13 Jul 2014 21:04:33 +0000 (14:04 -0700)]
Linux 3.16-rc5

10 years agoMerge tag 'ext4_for_linus_stable' of git://git.kernel.org/pub/scm/linux/kernel/git...
Linus Torvalds [Sun, 13 Jul 2014 20:14:55 +0000 (13:14 -0700)]
Merge tag 'ext4_for_linus_stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4

Pull ext4 bugfixes from Ted Ts'o:
 "More bug fixes for ext4 -- most importantly, a fix for a bug
  introduced in 3.15 that can end up triggering a file system corruption
  error after a journal replay.

  It shouldn't lead to any actual data corruption, but it is scary and
  can force file systems to be remounted read-only, etc"

* tag 'ext4_for_linus_stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4:
  ext4: fix potential null pointer dereference in ext4_free_inode
  ext4: fix a potential deadlock in __ext4_es_shrink()
  ext4: revert commit which was causing fs corruption after journal replays
  ext4: disable synchronous transaction batching if max_batch_time==0
  ext4: clarify ext4_error message in ext4_mb_generate_buddy_error()
  ext4: clarify error count warning messages
  ext4: fix unjournalled bg descriptor while initializing inode bitmap

10 years agoMerge tag 'clk-fixes-for-linus' of git://git.linaro.org/people/mike.turquette/linux
Linus Torvalds [Sun, 13 Jul 2014 19:21:04 +0000 (12:21 -0700)]
Merge tag 'clk-fixes-for-linus' of git://git.linaro.org/people/mike.turquette/linux

Pull clock driver fixes from Mike Turquette:
 "This batch of fixes is for a handful of clock drivers from Allwinner,
  Samsung, ST & TI.  Most of them are of the "this hardware won't work
  without this fix" variety, including patches that fix platforms that
  did not boot under certain configurations.  Other fixes are the result
  of changes to the clock core introduced in 3.15 that had subtle
  impacts on the clock drivers.

  There are no fixes to the clock framework core in this pull request"

* tag 'clk-fixes-for-linus' of git://git.linaro.org/people/mike.turquette/linux:
  clk: spear3xx: Set proper clock parent of uart1/2
  clk: spear3xx: Use proper control register offset
  clk: qcom: HDMI source sel is 3 not 2
  clk: sunxi: fix devm_ioremap_resource error detection code
  clk: s2mps11: Fix double free corruption during driver unbind
  clk: ti: am43x: Fix boot with CONFIG_SOC_AM33XX disabled
  clk: exynos5420: Remove aclk66_peric from the clock tree description
  clk/exynos5250: fix bit number for tv sysmmu clock
  clk: s3c64xx: Hookup SPI clocks correctly
  clk: samsung: exynos4: Remove SRC_MASK_ISP gates
  clk: samsung: add more aliases for s3c24xx
  clk: samsung: fix several typos to fix boot on s3c2410
  clk: ti: set CLK_SET_RATE_NO_REPARENT for ti,mux-clock
  clk: ti: am43x: Fix boot with CONFIG_SOC_AM33XX disabled
  clk: ti: dra7: return error code in failure case
  clk: ti: apll: not allocating enough data

10 years agoMerge tag 'fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/arm...
Linus Torvalds [Sun, 13 Jul 2014 19:10:18 +0000 (12:10 -0700)]
Merge tag 'fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc

Pull ARM SoC fixes from Olof Johansson:
 "This week's arm-soc fixes:

   - Another set of OMAP fixes
     * Clock fixes
     * Restart handling
     * PHY regulators
     * SATA hwmod data for DRA7
     + Some trivial fixes and removal of a bit of dead code
   - Exynos fixes
     * A bunch of clock fixes
     * Some SMP fixes
     * Exynos multi-core timer: register as clocksource and fix ftrace.
     + a few other minor fixes

  There's also a couple more patches, and at91 fix for USB caused by
  common clock conversion, and more MAINTAINERS entries for shmobile.

  We're definitely switching to only regression fixes from here on out,
  we've been a little less strict than usual up until now"

* tag 'fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc: (26 commits)
  ARM: at91: at91sam9x5: add clocks for usb device
  ARM: EXYNOS: Register cpuidle device only on exynos4210 and 5250
  ARM: dts: Add clock property for mfc_pd in exynos5420
  clk: exynos5420: Add IDs for clocks used in PD mfc
  ARM: EXYNOS: Add support for clock handling in power domain
  ARM: OMAP2+: Remove non working OMAP HDMI audio initialization
  ARM: imx: fix shared gate clock
  ARM: dts: Update the parent for Audss clocks in Exynos5420
  ARM: EXYNOS: Update secondary boot addr for secure mode
  ARM: dts: Fix TI CPSW Phy mode selection on IGEP COM AQUILA.
  ARM: dts: am335x-evmsk: Enable the McASP FIFO for audio
  ARM: dts: am335x-evm: Enable the McASP FIFO for audio
  ARM: OMAP2+: Make GPMC skip disabled devices
  ARM: OMAP2+: create dsp device only on OMAP3 SoCs
  ARM: dts: dra7-evm: Make VDDA_1V8_PHY supply always on
  ARM: DRA7/AM43XX: fix header definition for omap44xx_restart
  ARM: OMAP2+: clock/dpll: fix _dpll_test_fint arithmetics overflow
  ARM: DRA7: hwmod: Add SYSCONFIG for usb_otg_ss
  ARM: DRA7: hwmod: Fixup SATA hwmod
  ARM: OMAP3: PRM/CM: Add back macros used by TI DSP/Bridge driver
  ...

10 years agoMerge branch 'fixes' of git://ftp.arm.linux.org.uk/~rmk/linux-arm
Linus Torvalds [Sun, 13 Jul 2014 19:09:18 +0000 (12:09 -0700)]
Merge branch 'fixes' of git://ftp.arm.linux.org.uk/~rmk/linux-arm

Pull ARM fixes from Russell King:
 "Another round of fixes for ARM:
   - a set of kprobes fixes from Jon Medhurst
   - fix the revision checking for the L2 cache which wasn't noticed to
     have been broken"

* 'fixes' of git://ftp.arm.linux.org.uk/~rmk/linux-arm:
  ARM: l2c: fix revision checking
  ARM: kprobes: Fix test code compilation errors for ARMv4 targets
  ARM: kprobes: Disallow instructions with PC and register specified shift
  ARM: kprobes: Prevent known test failures stopping other tests running

10 years agoMerge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/geert/linux...
Linus Torvalds [Sun, 13 Jul 2014 19:04:06 +0000 (12:04 -0700)]
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/geert/linux-m68k

Pull m68k fixes from Geert Uytterhoeven:
 "Summary:
  - Fix for a boot regression introduced in v3.16-rc1,
  - Fix for a build issue in -next"

Christoph Hellwig questioned why mach_random_get_entropy should be
exported to modules, and Geert explains that random_get_entropy() is
called by at least the crypto layer and ends up using it on m68k.  On
most other architectures it just uses get_cycles() (which is typically
inlined and doesn't need exporting),

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/geert/linux-m68k:
  m68k: Export mach_random_get_entropy to modules
  m68k: Fix boot regression on machines with RAM at non-zero

10 years agoMerge branch 'parisc-3.16-5' of git://git.kernel.org/pub/scm/linux/kernel/git/deller...
Linus Torvalds [Sun, 13 Jul 2014 19:02:05 +0000 (12:02 -0700)]
Merge branch 'parisc-3.16-5' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux

Pull parisc fixes from Helge Deller:
 "The major patch in here is one which fixes the fanotify_mark() syscall
  in the compat layer of the 64bit parisc kernel.  It went unnoticed so
  long, because the calling syntax when using a 64bit parameter in a
  32bit syscall is quite complex and even worse, it may be even
  different if you call syscall() or the glibc wrapper.  This patch
  makes the kernel accept the calling convention when called by the
  glibc wrapper.

  The other two patches are trivial and remove unused headers, #includes
  and adds the serial ports of the fastest C8000 workstation to the
  parisc-kernel internal hardware database"

* 'parisc-3.16-5' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux:
  parisc: drop unused defines and header includes
  parisc: fix fanotify_mark() syscall on 32bit compat kernel
  parisc: add serial ports of C8000/1GHz machine to hardware database

10 years agoclk: spear3xx: Set proper clock parent of uart1/2
Thomas Gleixner [Thu, 19 Jun 2014 21:52:24 +0000 (21:52 +0000)]
clk: spear3xx: Set proper clock parent of uart1/2

The uarts only work when the parent is ras_ahb_clk. The stale 3.5
based ST tree does this in the board file.

Add it to the clk init function. Not pretty, but the mess there is
amazing anyway.

Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Acked-by: Viresh Kumar <viresh.kumar@linaro.org>
Signed-off-by: Mike Turquette <mturquette@linaro.org>
10 years agoclk: spear3xx: Use proper control register offset
Thomas Gleixner [Thu, 19 Jun 2014 21:52:23 +0000 (21:52 +0000)]
clk: spear3xx: Use proper control register offset

The control register is at offset 0x10, not 0x0. This is wreckaged
since commit 5df33a62c (SPEAr: Switch to common clock framework).

Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: stable@vger.kernel.org
Acked-by: Viresh Kumar <viresh.kumar@linaro.org>
Signed-off-by: Mike Turquette <mturquette@linaro.org>
10 years agoparisc: drop unused defines and header includes
Helge Deller [Thu, 10 Jul 2014 16:08:11 +0000 (18:08 +0200)]
parisc: drop unused defines and header includes

Signed-off-by: Helge Deller <deller@gmx.de>
Cc: stable@vger.kernel.org # 3.13+
10 years agoparisc: fix fanotify_mark() syscall on 32bit compat kernel
Helge Deller [Thu, 10 Jul 2014 16:07:17 +0000 (18:07 +0200)]
parisc: fix fanotify_mark() syscall on 32bit compat kernel

On parisc we can not use the existing compat implementation for fanotify_mark()
because for the 64bit mask parameter the higher and lower 32bits are ordered
differently than what the compat function expects from big endian
architectures.

Specifically:
It finally turned out, that on hppa we end up with different assignments
of parameters to kernel arguments depending on if we call the glibc
wrapper function
 int fanotify_mark (int __fanotify_fd, unsigned int __flags,
                    uint64_t __mask, int __dfd, const char *__pathname);
or directly calling the syscall manually
 syscall(__NR_fanotify_mark, ...)

Reason is, that the syscall() function is implemented as C-function and
because we now have the sysno as first parameter in front of the other
parameters the compiler will unexpectedly add an empty paramenter in
front of the u64 value to ensure the correct calling alignment for 64bit
values.
This means, on hppa you can't simply use syscall() to call the kernel
fanotify_mark() function directly, but you have to use the glibc
function instead.

This patch fixes the kernel in the hppa-arch specifc coding to adjust
the parameters in a way as if userspace calls the glibc wrapper function
fanotify_mark().

Signed-off-by: Helge Deller <deller@gmx.de>
Cc: stable@vger.kernel.org # 3.13+
10 years agoparisc: add serial ports of C8000/1GHz machine to hardware database
Helge Deller [Sat, 28 Jun 2014 15:44:51 +0000 (17:44 +0200)]
parisc: add serial ports of C8000/1GHz machine to hardware database

Signed-off-by: Helge Deller <deller@gmx.de>
Cc: stable@vger.kernel.org # 3.13+
10 years agoMerge branch 'fixes' of git://git.infradead.org/users/vkoul/slave-dma
Linus Torvalds [Sun, 13 Jul 2014 05:24:50 +0000 (22:24 -0700)]
Merge branch 'fixes' of git://git.infradead.org/users/vkoul/slave-dma

Pull slave-dmaengine fixes from Vinod Koul:
 "We have two small fixes.  First one from Daniel to handle 0-length
  packets for usb cppi dma.  Second by Russell for imx-sdam cyclic
  residue reporting"

* 'fixes' of git://git.infradead.org/users/vkoul/slave-dma:
  Update imx-sdma cyclic handling to report residue
  dma: cppi41: handle 0-length packets

10 years agoMerge tag 'samsung-fixes-3' of git://git.kernel.org/pub/scm/linux/kernel/git/kgene...
Olof Johansson [Sun, 13 Jul 2014 04:19:21 +0000 (21:19 -0700)]
Merge tag 'samsung-fixes-3' of git://git.kernel.org/pub/scm/linux/kernel/git/kgene/linux-samsung into fixes

Merge "Samsung fixes-3 for 3.16" from Kukjin Kim:

Samsung fixes-3 for v3.16
- update the parent for Auudss clock because kernel will be hang
  during late boot if the parent clock is disabled in bootloader.
- enable clk handing in power domain because while power domain
  on/off, its regarding clock source will be reset and it causes
  a problem so need to handle it.
- add mux clocks to be used by power domain for exynos5420-mfc
  during power domain on/off and property in device tree also.
- register cpuidle only for exynos4210 and exynos5250 because a
  system failure will be happened on other exynos SoCs.

* tag 'samsung-fixes-3' of git://git.kernel.org/pub/scm/linux/kernel/git/kgene/linux-samsung:
  ARM: EXYNOS: Register cpuidle device only on exynos4210 and 5250
  ARM: dts: Add clock property for mfc_pd in exynos5420
  clk: exynos5420: Add IDs for clocks used in PD mfc
  ARM: EXYNOS: Add support for clock handling in power domain
  ARM: dts: Update the parent for Audss clocks in Exynos5420

Signed-off-by: Olof Johansson <olof@lixom.net>
10 years agoMerge tag 'usb-3.16-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb
Linus Torvalds [Sat, 12 Jul 2014 21:13:10 +0000 (14:13 -0700)]
Merge tag 'usb-3.16-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb

Pull USB fixes from Greg KH:
 "Here are some small USB fixes, PHY driver fixes (they ended up in this
  tree for lack of somewhere else to put them), and some new USB device
  ids"

* tag 'usb-3.16-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb:
  phy: omap-usb2: Balance pm_runtime_enable() on probe failure and remove
  phy: core: Fix error path in phy_create()
  drivers: phy: phy-samsung-usb2.c: Add missing MODULE_DEVICE_TABLE
  phy: omap-usb2: fix devm_ioremap_resource error detection code
  phy: sun4i: depend on RESET_CONTROLLER
  USB: serial: ftdi_sio: Add Infineon Triboard
  USB: ftdi_sio: Add extra PID.
  usb: option: Add ID for Telewell TW-LTE 4G v2
  USB: cp210x: add support for Corsair usb dongle

10 years agoMerge tag 'tty-3.16-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty
Linus Torvalds [Sat, 12 Jul 2014 21:12:35 +0000 (14:12 -0700)]
Merge tag 'tty-3.16-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty

Pull tty/serial fixes from Greg KH:
 "Here are some small serial fixes that resolve some reported problems
  that started in 3.15 with some serial drivers.

  And there's a new dt binding for a serial driver, which was all that
  was needed for the renesas serial driver"

* tag 'tty-3.16-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty:
  serial: sh-sci: Add device tree support for r8a7{778,740,3a4} and sh73a0
  serial: imx: Fix build breakage
  serial: arc_uart: Use uart_circ_empty() for open-coded comparison
  serial: Test for no tx data on tx restart

10 years agoMerge tag 'char-misc-3.16-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregk...
Linus Torvalds [Sat, 12 Jul 2014 21:12:04 +0000 (14:12 -0700)]
Merge tag 'char-misc-3.16-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc

Pull char/misc driver fixes from Greg KH:
 "Here are two hyperv driver fixes, and one i8k driver fix for 3.16"

* tag 'char-misc-3.16-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc:
  i8k: Fix non-SMP operation
  Drivers: hv: util: Fix a bug in the KVP code
  Drivers: hv: vmbus: Fix a bug in the channel callback dispatch code

10 years agoMerge tag 'staging-3.16-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh...
Linus Torvalds [Sat, 12 Jul 2014 21:11:09 +0000 (14:11 -0700)]
Merge tag 'staging-3.16-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging

Pull IIO fixes from Greg KH:
 "Here are some IIO driver fixes for 3.16-rc5.  Nothing major, just
  resolves some minor issues that have been reported"

* tag 'staging-3.16-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging:
  iio: ti_am335x_adc: Fix: Use same step id at FIFOs both ends
  iio:tcs3472: Check for buffer enabled and locking
  iio: hid-sensor-prox: Fix return values
  iio: hid-sensor-gyro-3d: Fix return values
  iio: hid-sensor-als: Fix return values
  iio: hid-sensor-magn-3d: Fix return values
  iio: hid-sensor-accel-3d: Fix return values
  iio: hid-sensor-press: Fix return values

10 years agoext4: fix potential null pointer dereference in ext4_free_inode
Namjae Jeon [Sat, 12 Jul 2014 20:11:42 +0000 (16:11 -0400)]
ext4: fix potential null pointer dereference in ext4_free_inode

Fix potential null pointer dereferencing problem caused by e43bb4e612
("ext4: decrement free clusters/inodes counters when block group declared bad")

Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Namjae Jeon <namjae.jeon@samsung.com>
Signed-off-by: Ashish Sangwan <a.sangwan@samsung.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Reviewed-by: Lukas Czerner <lczerner@redhat.com>
10 years agoext4: fix a potential deadlock in __ext4_es_shrink()
Theodore Ts'o [Sat, 12 Jul 2014 19:32:24 +0000 (15:32 -0400)]
ext4: fix a potential deadlock in __ext4_es_shrink()

This fixes the following lockdep complaint:

[ INFO: possible circular locking dependency detected ]
3.16.0-rc2-mm1+ #7 Tainted: G           O
-------------------------------------------------------
kworker/u24:0/4356 is trying to acquire lock:
 (&(&sbi->s_es_lru_lock)->rlock){+.+.-.}, at: [<ffffffff81285fff>] __ext4_es_shrink+0x4f/0x2e0

but task is already holding lock:
 (&ei->i_es_lock){++++-.}, at: [<ffffffff81286961>] ext4_es_insert_extent+0x71/0x180

which lock already depends on the new lock.

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock(&ei->i_es_lock);
                               lock(&(&sbi->s_es_lru_lock)->rlock);
                               lock(&ei->i_es_lock);
  lock(&(&sbi->s_es_lru_lock)->rlock);

 *** DEADLOCK ***

6 locks held by kworker/u24:0/4356:
 #0:  ("writeback"){.+.+.+}, at: [<ffffffff81071d00>] process_one_work+0x180/0x560
 #1:  ((&(&wb->dwork)->work)){+.+.+.}, at: [<ffffffff81071d00>] process_one_work+0x180/0x560
 #2:  (&type->s_umount_key#22){++++++}, at: [<ffffffff811a9c74>] grab_super_passive+0x44/0x90
 #3:  (jbd2_handle){+.+...}, at: [<ffffffff812979f9>] start_this_handle+0x189/0x5f0
 #4:  (&ei->i_data_sem){++++..}, at: [<ffffffff81247062>] ext4_map_blocks+0x132/0x550
 #5:  (&ei->i_es_lock){++++-.}, at: [<ffffffff81286961>] ext4_es_insert_extent+0x71/0x180

stack backtrace:
CPU: 0 PID: 4356 Comm: kworker/u24:0 Tainted: G           O   3.16.0-rc2-mm1+ #7
Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
Workqueue: writeback bdi_writeback_workfn (flush-253:0)
 ffffffff8213dce0 ffff880014b07538 ffffffff815df0bb 0000000000000007
 ffffffff8213e040 ffff880014b07588 ffffffff815db3dd ffff880014b07568
 ffff880014b07610 ffff88003b868930 ffff88003b868908 ffff88003b868930
Call Trace:
 [<ffffffff815df0bb>] dump_stack+0x4e/0x68
 [<ffffffff815db3dd>] print_circular_bug+0x1fb/0x20c
 [<ffffffff810a7a3e>] __lock_acquire+0x163e/0x1d00
 [<ffffffff815e89dc>] ? retint_restore_args+0xe/0xe
 [<ffffffff815ddc7b>] ? __slab_alloc+0x4a8/0x4ce
 [<ffffffff81285fff>] ? __ext4_es_shrink+0x4f/0x2e0
 [<ffffffff810a8707>] lock_acquire+0x87/0x120
 [<ffffffff81285fff>] ? __ext4_es_shrink+0x4f/0x2e0
 [<ffffffff8128592d>] ? ext4_es_free_extent+0x5d/0x70
 [<ffffffff815e6f09>] _raw_spin_lock+0x39/0x50
 [<ffffffff81285fff>] ? __ext4_es_shrink+0x4f/0x2e0
 [<ffffffff8119760b>] ? kmem_cache_alloc+0x18b/0x1a0
 [<ffffffff81285fff>] __ext4_es_shrink+0x4f/0x2e0
 [<ffffffff812869b8>] ext4_es_insert_extent+0xc8/0x180
 [<ffffffff812470f4>] ext4_map_blocks+0x1c4/0x550
 [<ffffffff8124c4c4>] ext4_writepages+0x6d4/0xd00
...

Reported-by: Minchan Kim <minchan@kernel.org>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Reported-by: Minchan Kim <minchan@kernel.org>
Cc: stable@vger.kernel.org
Cc: Zheng Liu <gnehzuil.liu@gmail.com>
10 years agoDocumenation/laptops: rename and update hpfall.c
Pali Rohár [Sat, 12 Jul 2014 16:56:22 +0000 (09:56 -0700)]
Documenation/laptops: rename and update hpfall.c

Dell kernel driver dell-smo8800 provides same freefall interface as hp_accel so
program hpfall.c works also on Dell laptops. So rename it to freefall.c.

Dell driver does not provide hp::hddprotect led so make sure that freefall.c
works also if hp::hddprotect does not exist in sysfs.

Additionally write info to syslog.

Signed-off-by: Pali Rohár <pali.rohar@gmail.com>
Cc: Sonal Santan <sonal.santan@gmail.com>
Acked-by: Pavel Machek <pavel@ucw.cz>
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
10 years agoDocBook: fix various typos
Masanari Iida [Sat, 12 Jul 2014 16:55:28 +0000 (09:55 -0700)]
DocBook: fix various typos

This patch fixed spelling typo in various template files
within Documentation/Docbook.

Signed-off-by: Masanari Iida <standby24x7@gmail.com>
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
10 years agoDocBook: fix mtdnand typos
Masanari Iida [Sat, 12 Jul 2014 16:55:15 +0000 (09:55 -0700)]
DocBook: fix mtdnand typos

This patch fixed spelling typo found in DocBook/mtdnand.tmpl.

Signed-off-by: Masanari Iida <standby24x7@gmail.com>
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
10 years agoscripts/kernel-doc: handle object-like macros
Horia Geanta [Sat, 12 Jul 2014 16:55:03 +0000 (09:55 -0700)]
scripts/kernel-doc: handle object-like macros

Object-like macros are different than function-like macros:
https://gcc.gnu.org/onlinedocs/cpp/Object-like-Macros.html
https://gcc.gnu.org/onlinedocs/cpp/Function-like-Macros.html

They are not parsed correctly, generating invalid intermediate
files (xmls) for cases like:
    #define BIT_MASK    (0xFF << BIT_SHIFT)
where "OxFF <<" is considered to be parameter type.

When parsing, we can differentiate beween these two types of macros by
checking whether there is at least one whitespace b/w "#define" and
first opening parenthesis.

Signed-off-by: Horia Geanta <horia.geanta@freescale.com>
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
10 years agoDocumentation/Changes: clean up mcelog paragraph
Paul Bolle [Sat, 12 Jul 2014 16:54:52 +0000 (09:54 -0700)]
Documentation/Changes: clean up mcelog paragraph

The paragraph on mcelog currently describes kernel v2.6.31. In that
kernel the mce code (for i386, that is) was in transition. Ever since
v2.6.32 the situation is much simpler (eg, mcelog is now needed to
process events on almost all x86 machines, i386 and x86-64). Since this
"document is designed to provide a list of the minimum levels of
software necessary to run the 3.0 kernels" let's just describe that
situation.

Signed-off-by: Paul Bolle <pebolle@tiscali.nl>
Acked-by: Andi Kleen <ak@linux.intel.com>
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
10 years agoARM: at91: at91sam9x5: add clocks for usb device
Bo Shen [Fri, 11 Jul 2014 16:34:56 +0000 (18:34 +0200)]
ARM: at91: at91sam9x5: add clocks for usb device

Add clocks for usb device, or else switch to CCF, the gadget
won't work.

Reported-by: Jiri Prchal <jiri.prchal@aksignal.cz>
Signed-off-by: Bo Shen <voice.shen@atmel.com>
Acked-by: Alexandre Belloni <alexandre.belloni@free-electrons.com>
Tested-by: Jiri Prchal <jiri.prchal@aksignal.cz>
Signed-off-by: Nicolas Ferre <nicolas.ferre@atmel.com>
Signed-off-by: Olof Johansson <olof@lixom.net>
10 years agoMerge branch 'kprobes-test-fixes' of git://git.linaro.org/people/tixy/kernel into...
Russell King [Sat, 12 Jul 2014 12:59:24 +0000 (13:59 +0100)]
Merge branch 'kprobes-test-fixes' of git://git.linaro.org/people/tixy/kernel into fixes

10 years agophy: omap-usb2: Balance pm_runtime_enable() on probe failure and remove
Roger Quadros [Thu, 10 Jul 2014 06:25:03 +0000 (11:55 +0530)]
phy: omap-usb2: Balance pm_runtime_enable() on probe failure and remove

If probe fails then we need to call pm_runtime_disable() to balance
out the previous pm_runtime_enable() call. Else it will cause
unbalanced pm_runtime_enable() call in the succeding probe call.

This anomaly was observed when the call to devm_phy_create() failed
with -EPROBE_DEFER.

Balance out the pm_runtime_enable() call in .remove() as well.

Signed-off-by: Roger Quadros <rogerq@ti.com>
Signed-off-by: Kishon Vijay Abraham I <kishon@ti.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
10 years agophy: core: Fix error path in phy_create()
Roger Quadros [Thu, 10 Jul 2014 06:25:02 +0000 (11:55 +0530)]
phy: core: Fix error path in phy_create()

Prevent resources from being freed twice in case device_add() call
fails within phy_create(). Also use ida_simple_remove() instead of
ida_remove() as we had used ida_simple_get() to allocate the ida.

Cc: 3.13+ <stable@vger.kernel.org> # 3.13+
Signed-off-by: Roger Quadros <rogerq@ti.com>
Signed-off-by: Kishon Vijay Abraham I <kishon@ti.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
10 years agodrivers: phy: phy-samsung-usb2.c: Add missing MODULE_DEVICE_TABLE
Sjoerd Simons [Thu, 10 Jul 2014 06:25:01 +0000 (11:55 +0530)]
drivers: phy: phy-samsung-usb2.c: Add missing MODULE_DEVICE_TABLE

Allow phy-exynos-usb2 to be autoloaded based on devicetree information.
Tested on Odroid X2 with its USB subsystem build as modules.

Signed-off-by: Sjoerd Simons <sjoerd.simons@collabora.co.uk>
Signed-off-by: Kishon Vijay Abraham I <kishon@ti.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
10 years agophy: omap-usb2: fix devm_ioremap_resource error detection code
Himangi Saraogi [Thu, 10 Jul 2014 06:25:00 +0000 (11:55 +0530)]
phy: omap-usb2: fix devm_ioremap_resource error detection code

devm_ioremap_resource returns an ERR_PTR value, not NULL, on failure.

A simplified version of the semantic match that finds this problem is as
follows:

// <smpl>
@@
expression e,e1;
statement S;
@@

*e = devm_ioremap_resource(...);
if (!e1) S

// </smpl>

Signed-off-by: Himangi Saraogi <himangi774@gmail.com>
Acked-by: Julia Lawall <julia.lawall@lip6.fr>
Signed-off-by: Kishon Vijay Abraham I <kishon@ti.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
10 years agophy: sun4i: depend on RESET_CONTROLLER
Maxime Ripard [Thu, 10 Jul 2014 06:24:59 +0000 (11:54 +0530)]
phy: sun4i: depend on RESET_CONTROLLER

The driver depend on the reset framework in a mandatory way. Make sure
reset_control_get is defined by adding this dependency in Kconfig

Signed-off-by: Maxime Ripard <maxime.ripard@free-electrons.com>
Reported-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Kishon Vijay Abraham I <kishon@ti.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
10 years agoUSB: serial: ftdi_sio: Add Infineon Triboard
Michal Sojka [Thu, 10 Jul 2014 12:00:34 +0000 (14:00 +0200)]
USB: serial: ftdi_sio: Add Infineon Triboard

This adds support for Infineon TriBoard TC1798 [1]. Only interface 1
is used as serial line (see [2], Figure 8-6).

[1] http://www.infineon.com/cms/de/product/microcontroller/development-tools-software-and-kits/tricore-tm-development-tools-software-and-kits/starterkits-and-evaluation-boards/starter-kit-tc1798/channel.html?channel=db3a304333b8a7ca0133cfa3d73e4268
[2] http://www.infineon.com/dgdl/TriBoardManual-TC1798-V10.pdf?folderId=db3a304412b407950112b409ae7c0343&fileId=db3a304333b8a7ca0133cfae99fe426a

Signed-off-by: Michal Sojka <sojkam1@fel.cvut.cz>
Cc: Johan Hovold <johan@kernel.org>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
10 years agoserial: sh-sci: Add device tree support for r8a7{778,740,3a4} and sh73a0
Simon Horman [Fri, 11 Jul 2014 09:11:08 +0000 (11:11 +0200)]
serial: sh-sci: Add device tree support for r8a7{778,740,3a4} and sh73a0

Simply document new compat strings.
There appears to be no need for a driver updates.

Signed-off-by: Simon Horman <horms+renesas@verge.net.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
10 years agoserial: imx: Fix build breakage
Peter Hurley [Fri, 11 Jul 2014 02:36:46 +0000 (22:36 -0400)]
serial: imx: Fix build breakage

Fix breakage introduced by
commit c557d392fbf5badd693ea1946a4317c87a26a716,
'serial: Test for no tx data on tx restart'.

Reported-by: Stephen Rothwell <sfr@canb.auug.org.au>
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
10 years agoMerge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel...
Linus Torvalds [Sat, 12 Jul 2014 00:10:05 +0000 (17:10 -0700)]
Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

Pull x86 fixes from Peter Anvin:
 "A couple of further build fixes for the VDSO code.

  This is turning into a bit of a headache, and Andy has already come up
  with a more ultimate cleanup, but most likely that is 3.17 material"

* 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  x86-32, vdso: Fix vDSO build error due to missing align_vdso_addr()
  x86-64, vdso: Fix vDSO build breakage due to empty .rela.dyn

10 years agoMerge branch 'for-3.16' of git://linux-nfs.org/~bfields/linux
Linus Torvalds [Fri, 11 Jul 2014 22:10:04 +0000 (15:10 -0700)]
Merge branch 'for-3.16' of git://linux-nfs.org/~bfields/linux

Pull nfsd bugfix from Bruce Fields:
 "Another xdr encoding regression that may cause incorrect encoding on
  failures of certain readdirs"

* 'for-3.16' of git://linux-nfs.org/~bfields/linux:
  nfsd: Fix bad reserving space for encoding rdattr_error

10 years agoMerge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux
Linus Torvalds [Fri, 11 Jul 2014 22:09:15 +0000 (15:09 -0700)]
Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux

Pull arm64 fixes from Catalin Marinas:
 "ARM64 implementation of TASK_SIZE_OF and exporting two functions to
  modules"

* tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
  arm64: implement TASK_SIZE_OF
  arm64: export __cpu_{clear,copy}_user_page functions

10 years agoext4: revert commit which was causing fs corruption after journal replays
Theodore Ts'o [Fri, 11 Jul 2014 17:55:40 +0000 (13:55 -0400)]
ext4: revert commit which was causing fs corruption after journal replays

Commit 007649375f6af2 ("ext4: initialize multi-block allocator before
checking block descriptors") causes the block group descriptor's count
of the number of free blocks to become inconsistent with the number of
free blocks in the allocation bitmap.  This is a harmless form of fs
corruption, but it causes the kernel to potentially remount the file
system read-only, or to panic, depending on the file systems's error
behavior.

Thanks to Eric Whitney for his tireless work to reproduce and to find
the guilty commit.

Fixes: 007649375f6af2 ("ext4: initialize multi-block allocator before checking block descriptors"
Cc: stable@vger.kernel.org # 3.15
Reported-by: David Jander <david@protonic.nl>
Reported-by: Matteo Croce <technoboy85@gmail.com>
Tested-by: Eric Whitney <enwlinux@gmail.com>
Suggested-by: Eric Whitney <enwlinux@gmail.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
10 years agoMerge tag 'dm-3.16-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/device...
Linus Torvalds [Fri, 11 Jul 2014 16:33:36 +0000 (09:33 -0700)]
Merge tag 'dm-3.16-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm

Pull device mapper fixes from Mike Snitzer:

 - Fix DM multipath IO hang regression from 3.15 due to logic bug in
   multipath_busy.  This impacted cable-pull testing and also the
   ability to boot with IPR SCSI on a POWER8 box.

 - Fix possible deadlock with deferred device removal by using a new
   dedicated workqueue rather than using the system workqueue.

 - Fix NULL pointer crash due to race condition in dm-io's wake up code
   for sync_io by using a completion.

 - Update dm-crypt and dm-zero author name following legal name change;
   this is important to Jana so I didn't see any reason to hold it back.

* tag 'dm-3.16-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm:
  dm mpath: fix IO hang due to logic bug in multipath_busy
  dm io: fix a race condition in the wake up code for sync_io
  dm crypt, dm zero: update author name following legal name change
  dm: allocate a special workqueue for deferred device removal

10 years agoMerge branch 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc
Linus Torvalds [Fri, 11 Jul 2014 16:32:39 +0000 (09:32 -0700)]
Merge branch 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc

Pull powerpc fixes from Ben Herrenschmidt:
 "Here are a few more powerpc fixes for 3.16

  There's a small series of 3 patches that fix saving/restoring MMUCR2
  when using KVM without which perf goes completely bonkers in the host
  system.  Another perf fix from Anton that's been rotting away in
  patchwork due to my poor eyesight, a couple of compile fixes, a little
  addition to the WSP removal by Michael (removing a bit more dead
  stuff) and a fix for an embarassing regression with our soft irq
  masking"

* 'merge' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc:
  powerpc/perf: Never program book3s PMCs with values >= 0x80000000
  powerpc: Disable RELOCATABLE for COMPILE_TEST with PPC64
  powerpc/perf: Clear MMCR2 when enabling PMU
  powerpc/perf: Add PPMU_ARCH_207S define
  powerpc/kvm: Remove redundant save of SIER AND MMCR2
  powerpc/powernv: Check for IRQHAPPENED before sleeping
  powerpc: Clean up MMU_FTRS_A2 and MMU_FTR_TYPE_3E
  powerpc/cell: Fix compilation with CONFIG_COREDUMP=n

10 years agom68k: Export mach_random_get_entropy to modules
Geert Uytterhoeven [Thu, 10 Jul 2014 16:03:17 +0000 (18:03 +0200)]
m68k: Export mach_random_get_entropy to modules

When a module calls random_get_entropy():

    ERROR: "mach_random_get_entropy" [crypto/drbg.ko] undefined!
    make[1]: *** [__modpost] Error 1

Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org>
10 years agopowerpc/perf: Never program book3s PMCs with values >= 0x80000000
Anton Blanchard [Wed, 28 May 2014 22:15:38 +0000 (08:15 +1000)]
powerpc/perf: Never program book3s PMCs with values >= 0x80000000

We are seeing a lot of PMU warnings on POWER8:

    Can't find PMC that caused IRQ

Looking closer, the active PMC is 0 at this point and we took a PMU
exception on the transition from negative to 0. Some versions of POWER8
have an issue where they edge detect and not level detect PMC overflows.

A number of places program the PMC with (0x80000000 - period_left),
where period_left can be negative. We can either fix all of these or
just ensure that period_left is always >= 1.

This patch takes the second option.

Cc: <stable@vger.kernel.org>
Signed-off-by: Anton Blanchard <anton@samba.org>
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
10 years agoMerge branch 'drm-fixes' of git://people.freedesktop.org/~airlied/linux
Linus Torvalds [Fri, 11 Jul 2014 03:37:33 +0000 (20:37 -0700)]
Merge branch 'drm-fixes' of git://people.freedesktop.org/~airlied/linux

Pull drm fixes from Dave Airlie:
 "Nothing too scary, we have one outstanding i915 regression but Daniel
  has promised the fix as soon as he's finished testing it a bit.

  Fixes for the main x86 drivers:
   - radeon: dpm fixes, displayport regression fix
   - i915: quirks for backlight regression, edp reboot fix, valleyview
     black screen fixes
   - nouveau: display port regression fixes, fix for memory reclocking"

* 'drm-fixes' of git://people.freedesktop.org/~airlied/linux:
  drm/radeon/dpm: Reenabling SS on Cayman
  drm/radeon: fix typo in ci_stop_dpm()
  drm/radeon: fix typo in golden register setup on evergreen
  drm/radeon: only print meaningful VM faults
  drm/radeon/dp: return -EIO for flags not zero case
  drm/i915/vlv: T12 eDP panel timing enforcement during reboot
  drm/i915: Only unbind vgacon, not other console drivers
  drm/i915: Don't clobber the GTT when it's within stolen memory
  drm/i915/vlv: Update the DSI ULPS entry/exit sequence
  drm/i915/vlv: DPI FIFO empty check is not needed
  drm/i915: Toshiba CB35 has a controllable backlight
  drm/i915: Acer C720 and C720P have controllable backlights
  drm/i915: quirk asserts controllable backlight presence, overriding VBT
  drm/nouveau/ram: fix test for gpio presence
  drm/nouveau/dp: workaround broken display
  drm/nouveau/dp: fix required link bandwidth calculations
  drm/nouveau/kms: restore fbcon after display has been resumed
  drm/nv50-/kms: pass a non-zero value for head to sor dpms methods
  drm/nouveau/fb: Prevent inlining of ramfuc_reg
  drm/gk104/ram: bash mpll bit 31 on

10 years agopowerpc: Disable RELOCATABLE for COMPILE_TEST with PPC64
Guenter Roeck [Mon, 30 Jun 2014 18:45:30 +0000 (11:45 -0700)]
powerpc: Disable RELOCATABLE for COMPILE_TEST with PPC64

powerpc:allmodconfig has been failing for some time with the following
error.

arch/powerpc/kernel/exceptions-64s.S: Assembler messages:
arch/powerpc/kernel/exceptions-64s.S:1312: Error: attempt to move .org backwards
make[1]: *** [arch/powerpc/kernel/head_64.o] Error 1

A number of attempts to fix the problem by moving around code have been
unsuccessful and resulted in failed builds for some configurations and
the discovery of toolchain bugs.

Fix the problem by disabling RELOCATABLE for COMPILE_TEST builds instead.
While this is less than perfect, it avoids substantial code changes
which would otherwise be necessary just to make COMPILE_TEST builds
happy and might have undesired side effects.

Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
10 years agopowerpc/perf: Clear MMCR2 when enabling PMU
Joel Stanley [Tue, 8 Jul 2014 06:38:22 +0000 (16:08 +0930)]
powerpc/perf: Clear MMCR2 when enabling PMU

On POWER8 when switching to a KVM guest we set bits in MMCR2 to freeze
the PMU counters. Aside from on boot they are then never reset,
resulting in stuck perf counters for any user in the guest or host.

We now set MMCR2 to 0 whenever enabling the PMU, which provides a sane
state for perf to use the PMU counters under either the guest or the
host.

This was manifesting as a bug with ppc64_cpu --frequency:

    $ sudo ppc64_cpu --frequency
    WARNING: couldn't run on cpu 0
    WARNING: couldn't run on cpu 8
      ...
    WARNING: couldn't run on cpu 144
    WARNING: couldn't run on cpu 152
    min:    18446744073.710 GHz (cpu -1)
    max:    0.000 GHz (cpu -1)
    avg:    0.000 GHz

The command uses a perf counter to measure CPU cycles over a fixed
amount of time, in order to approximate the frequency of the machine.
The counters were returning zero once a guest was started, regardless of
weather it was still running or had been shut down.

By dumping the value of MMCR2, it was observed that once a guest is
running MMCR2 is set to 1s - which stops counters from running:

    $ sudo sh -c 'echo p > /proc/sysrq-trigger'
    CPU: 0 PMU registers, ppmu = POWER8 n_counters = 6
    PMC1:  5b635e38 PMC2: 00000000 PMC3: 00000000 PMC4: 00000000
    PMC5:  1bf5a646 PMC6: 5793d378 PMC7: deadbeef PMC8: deadbeef
    MMCR0: 0000000080000000 MMCR1: 000000001e000000 MMCRA: 0000040000000000
    MMCR2: fffffffffffffc00 EBBHR: 0000000000000000
    EBBRR: 0000000000000000 BESCR: 0000000000000000
    SIAR:  00000000000a51cc SDAR:  c00000000fc40000 SIER:  0000000001000000

This is done unconditionally in book3s_hv_interrupts.S upon entering the
guest, and the original value is only save/restored if the host has
indicated it was using the PMU. This is okay, however the user of the
PMU needs to ensure that it is in a defined state when it starts using
it.

Fixes: e05b9b9e5c10 ("powerpc/perf: Power8 PMU support")
Cc: stable@vger.kernel.org
Signed-off-by: Joel Stanley <joel@jms.id.au>
Acked-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
10 years agopowerpc/perf: Add PPMU_ARCH_207S define
Joel Stanley [Tue, 8 Jul 2014 06:38:21 +0000 (16:08 +0930)]
powerpc/perf: Add PPMU_ARCH_207S define

Instead of separate bits for every POWER8 PMU feature, have a single one
for v2.07 of the architecture.

This saves us adding a MMCR2 define for a future patch.

Cc: stable@vger.kernel.org
Signed-off-by: Joel Stanley <joel@jms.id.au>
Acked-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>