Rasmus Villemoes [Wed, 14 Jan 2015 16:10:12 +0000 (16:10 +0000)]
MPILIB: Fix comparison of negative MPIs
If u and v both represent negative integers and their limb counts
happen to differ, mpi_cmp will always return a positive value - this
is obviously bogus. u is smaller than v if and only if it is larger in
absolute value.
Signed-off-by: Rasmus Villemoes <linux@rasmusvillemoes.dk>
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Dmitry Kasatkin <dmitry.kasatkin@gmail.com>
Rasmus Villemoes [Wed, 14 Jan 2015 15:16:00 +0000 (15:16 +0000)]
MPILIB: Fix obvious but harmless typo
The macro MPN_COPY_INCR this occurs in isn't used anywhere.
Signed-off-by: Rasmus Villemoes <linux@rasmusvillemoes.dk>
Signed-off-by: David Howells <dhowells@redhat.com>
Rasmus Villemoes [Wed, 14 Jan 2015 15:15:57 +0000 (15:15 +0000)]
MPILIB: Deobfuscate mpi_cmp
The condition preceding 'return 1;' makes my head hurt. At this point,
we know that u and v have the same sign; if they are negative, they
compare opposite to how their absolute values compare (which
mpihelp_cmp found for us), otherwise cmp itself is the
answer. Negating cmp is ok since mpihelp_cmp returns {-1,0,1};
-INT_MIN==INT_MIN won't bite us.
Signed-off-by: Rasmus Villemoes <linux@rasmusvillemoes.dk>
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Dmitry Kasatkin <dmitry.kasatkin@gmail.com>
James Morris [Thu, 4 Dec 2014 21:49:14 +0000 (08:49 +1100)]
Merge branch 'next' of git://git.infradead.org/users/pcmoore/selinux into next
Yao Dongdong [Fri, 28 Nov 2014 04:25:35 +0000 (04:25 +0000)]
selinux: Remove security_ops extern
security_ops is not used in this file.
Signed-off-by: Yao Dongdong <yaodongdong@huawei.com>
Signed-off-by: Paul Moore <pmoore@redhat.com>
James Morris [Wed, 26 Nov 2014 13:35:32 +0000 (00:35 +1100)]
Merge branch 'smack-for-3.19' of git://git.gitorious.org/smack-next/kernel into next
Andrey Ryabinin [Sat, 8 Nov 2014 14:48:05 +0000 (17:48 +0300)]
security: smack: fix out-of-bounds access in smk_parse_smack()
Setting smack label on file (e.g. 'attr -S -s SMACK64 -V "test" test')
triggered following spew on the kernel with KASan applied:
==================================================================
BUG: AddressSanitizer: out of bounds access in strncpy+0x28/0x60 at addr
ffff8800059ad064
=============================================================================
BUG kmalloc-8 (Not tainted): kasan error
-----------------------------------------------------------------------------
Disabling lock debugging due to kernel taint
INFO: Slab 0xffffea0000166b40 objects=128 used=7 fp=0xffff8800059ad080 flags=0x4000000000000080
INFO: Object 0xffff8800059ad060 @offset=96 fp=0xffff8800059ad080
Bytes b4
ffff8800059ad050: a0 df 9a 05 00 88 ff ff 5a 5a 5a 5a 5a 5a 5a 5a ........ZZZZZZZZ
Object
ffff8800059ad060: 74 65 73 74 6b 6b 6b a5 testkkk.
Redzone
ffff8800059ad068: cc cc cc cc cc cc cc cc ........
Padding
ffff8800059ad078: 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZ
CPU: 0 PID: 528 Comm: attr Tainted: G B 3.18.0-rc1-mm1+ #5
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
0000000000000000 ffff8800059ad064 ffffffff81534cf2 ffff880005a5bc40
ffffffff8112fe1a 0000000100800006 0000000f059ad060 ffff880006000f90
0000000000000296 ffffea0000166b40 ffffffff8107ca97 ffff880005891060
Call Trace:
? dump_stack (lib/dump_stack.c:52)
? kasan_report_error (mm/kasan/report.c:102 mm/kasan/report.c:178)
? preempt_count_sub (kernel/sched/core.c:2651)
? __asan_load1 (mm/kasan/kasan.h:50 mm/kasan/kasan.c:248 mm/kasan/kasan.c:358)
? strncpy (lib/string.c:121)
? strncpy (lib/string.c:121)
? smk_parse_smack (security/smack/smack_access.c:457)
? setxattr (fs/xattr.c:343)
? smk_import_entry (security/smack/smack_access.c:514)
? smack_inode_setxattr (security/smack/smack_lsm.c:1093 (discriminator 1))
? security_inode_setxattr (security/security.c:602)
? vfs_setxattr (fs/xattr.c:134)
? setxattr (fs/xattr.c:343)
? setxattr (fs/xattr.c:360)
? get_parent_ip (kernel/sched/core.c:2606)
? preempt_count_sub (kernel/sched/core.c:2651)
? __percpu_counter_add (arch/x86/include/asm/preempt.h:98 lib/percpu_counter.c:90)
? get_parent_ip (kernel/sched/core.c:2606)
? preempt_count_sub (kernel/sched/core.c:2651)
? __mnt_want_write (arch/x86/include/asm/preempt.h:98 fs/namespace.c:359)
? path_setxattr (fs/xattr.c:380)
? SyS_lsetxattr (fs/xattr.c:397)
? system_call_fastpath (arch/x86/kernel/entry_64.S:423)
Read of size 1 by task attr:
Memory state around the buggy address:
ffff8800059ace80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
ffff8800059acf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
ffff8800059acf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>
ffff8800059ad000: 00 fc fc fc 00 fc fc fc 05 fc fc fc 04 fc fc fc
^
ffff8800059ad080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
ffff8800059ad100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
ffff8800059ad180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================
strncpy() copies one byte more than the source string has.
Fix this by passing the correct length to strncpy().
Now we can remove initialization of the last byte in 'smack' string
because kzalloc() already did this for us.
Signed-off-by: Andrey Ryabinin <a.ryabinin@samsung.com>
James Morris [Wed, 19 Nov 2014 10:36:07 +0000 (21:36 +1100)]
Merge branch 'next' of git://git./linux/kernel/git/zohar/linux-integrity into next
James Morris [Wed, 19 Nov 2014 10:32:12 +0000 (21:32 +1100)]
Merge commit 'v3.17' into next
Dmitry Kasatkin [Wed, 5 Nov 2014 15:01:17 +0000 (17:01 +0200)]
VFS: refactor vfs_read()
integrity_kernel_read() duplicates the file read operations code
in vfs_read(). This patch refactors vfs_read() code creating a
helper function __vfs_read(). It is used by both vfs_read() and
integrity_kernel_read().
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Dmitry Kasatkin [Wed, 5 Nov 2014 15:01:16 +0000 (17:01 +0200)]
ima: require signature based appraisal
This patch provides CONFIG_IMA_APPRAISE_SIGNED_INIT kernel configuration
option to force IMA appraisal using signatures. This is useful, when EVM
key is not initialized yet and we want securely initialize integrity or
any other functionality.
It forces embedded policy to require signature. Signed initialization
script can initialize EVM key, update the IMA policy and change further
requirement of everything to be signed.
Changes in v3:
* kernel parameter fixed to configuration option in the patch description
Changes in v2:
* policy change of this patch separated from the key loading patch
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Dmitry Kasatkin [Wed, 5 Nov 2014 15:01:15 +0000 (17:01 +0200)]
integrity: provide a hook to load keys when rootfs is ready
Keys can only be loaded once the rootfs is mounted. Initcalls
are not suitable for that. This patch defines a special hook
to load the x509 public keys onto the IMA keyring, before
attempting to access any file. The keys are required for
verifying the file's signature. The hook is called after the
root filesystem is mounted and before the kernel calls 'init'.
Changes in v3:
* added more explanation to the patch description (Mimi)
Changes in v2:
* Hook renamed as 'integrity_load_keys()' to handle both IMA and EVM
keys by integrity subsystem.
* Hook patch moved after defining loading functions
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Dmitry Kasatkin [Wed, 5 Nov 2014 15:01:14 +0000 (17:01 +0200)]
ima: load x509 certificate from the kernel
Define configuration option to load X509 certificate into the
IMA trusted kernel keyring. It implements ima_load_x509() hook
to load X509 certificate into the .ima trusted kernel keyring
from the root filesystem.
Changes in v3:
* use ima_policy_flag in ima_get_action()
ima_load_x509 temporarily clears ima_policy_flag to disable
appraisal to load key. Use it to skip appraisal rules.
* Key directory path changed to /etc/keys (Mimi)
* Expand IMA_LOAD_X509 Kconfig help
Changes in v2:
* added '__init'
* use ima_policy_flag to disable appraisal to load keys
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Dmitry Kasatkin [Wed, 5 Nov 2014 15:01:13 +0000 (17:01 +0200)]
integrity: provide a function to load x509 certificate from the kernel
Provide the function to load x509 certificates from the kernel into the
integrity kernel keyring.
Changes in v2:
* configuration option removed
* function declared as '__init'
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Dmitry Kasatkin [Wed, 5 Nov 2014 15:01:12 +0000 (17:01 +0200)]
integrity: define a new function integrity_read_file()
This patch defines a new function called integrity_read_file()
to read file from the kernel into a buffer. Subsequent patches
will read a file containing the public keys and load them onto
the IMA keyring.
This patch moves and renames ima_kernel_read(), the non-security
checking version of kernel_read(), to integrity_kernel_read().
Changes in v3:
* Patch descriptions improved (Mimi)
* Add missing cast (kbuild test robot)
Changes in v2:
* configuration option removed
* function declared as '__init'
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Richard Guy Briggs [Wed, 12 Nov 2014 19:01:34 +0000 (14:01 -0500)]
selinux: convert WARN_ONCE() to printk() in selinux_nlmsg_perm()
Convert WARN_ONCE() to printk() in selinux_nlmsg_perm().
After conversion from audit_log() in commit
e173fb26, WARN_ONCE() was
deemed too alarmist, so switch it to printk().
Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
[PM: Changed to printk(WARNING) so we catch all of the different
invalid netlink messages. In Richard's defense, he brought this
point up earlier, but I didn't understand his point at the time.]
Signed-off-by: Paul Moore <pmoore@redhat.com>
Rohit [Wed, 15 Oct 2014 12:10:41 +0000 (17:40 +0530)]
Security: smack: replace kzalloc with kmem_cache for inode_smack
The patch use kmem_cache to allocate/free inode_smack since they are
alloced in high volumes making it a perfect case for kmem_cache.
As per analysis, 24 bytes of memory is wasted per allocation due
to internal fragmentation. With kmem_cache, this can be avoided.
Accounting of memory allocation is below :
total slack net count-alloc/free caller
Before (with kzalloc)
1919872 719952
1919872 29998/0 new_inode_smack+0x14
After (with kmem_cache)
1201680 0
1201680 30042/0 new_inode_smack+0x18
>From above data, we found that 719952 bytes(~700 KB) of memory is
saved on allocation of 29998 smack inodes.
Signed-off-by: Rohit <rohit.kr@samsung.com>
Casey Schaufler [Thu, 9 Oct 2014 23:18:55 +0000 (16:18 -0700)]
Smack: Lock mode for the floor and hat labels
The lock access mode allows setting a read lock on a file
for with the process has only read access. The floor label is
defined to make it easy to have the basic system installed such
that everyone can read it. Once there's a desire to read lock
(rationally or otherwise) a floor file a rule needs to get set.
This happens all the time, so make the floor label a little bit
more special and allow everyone lock access, too. By implication,
give processes with the hat label (hat can read everything)
lock access as well. This reduces clutter in the Smack rule set.
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Stephen Smalley [Mon, 6 Oct 2014 20:32:52 +0000 (16:32 -0400)]
selinux: fix inode security list corruption
sb_finish_set_opts() can race with inode_free_security()
when initializing inode security structures for inodes
created prior to initial policy load or by the filesystem
during ->mount(). This appears to have always been
a possible race, but commit
3dc91d4 ("SELinux: Fix possible
NULL pointer dereference in selinux_inode_permission()")
made it more evident by immediately reusing the unioned
list/rcu element of the inode security structure for call_rcu()
upon an inode_free_security(). But the underlying issue
was already present before that commit as a possible use-after-free
of isec.
Shivnandan Kumar reported the list corruption and proposed
a patch to split the list and rcu elements out of the union
as separate fields of the inode_security_struct so that setting
the rcu element would not affect the list element. However,
this would merely hide the issue and not truly fix the code.
This patch instead moves up the deletion of the list entry
prior to dropping the sbsec->isec_lock initially. Then,
if the inode is dropped subsequently, there will be no further
references to the isec.
Reported-by: Shivnandan Kumar <shivnandan.k@samsung.com>
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Cc: stable@vger.kernel.org
Signed-off-by: Paul Moore <pmoore@redhat.com>
Roberto Sassu [Mon, 13 Oct 2014 12:08:42 +0000 (14:08 +0200)]
ima: added support for new kernel cmdline parameter ima_template_fmt
This patch allows users to provide a custom template format through the
new kernel command line parameter 'ima_template_fmt'. If the supplied
format is not valid, IMA uses the default template descriptor.
Changelog:
- v3:
- added check for 'fields' and 'num_fields' in
template_desc_init_fields() (suggested by Mimi Zohar)
- v2:
- using template_desc_init_fields() to validate a format string
(Roberto Sassu)
- updated documentation by stating that only the chosen template
descriptor is initialized (Roberto Sassu)
- v1:
- simplified code of ima_template_fmt_setup()
(Roberto Sassu, suggested by Mimi Zohar)
Signed-off-by: Roberto Sassu <roberto.sassu@polito.it>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Roberto Sassu [Mon, 13 Oct 2014 12:08:41 +0000 (14:08 +0200)]
ima: allocate field pointers array on demand in template_desc_init_fields()
The allocation of a field pointers array is moved at the end of
template_desc_init_fields() and done only if the value of the 'fields'
and 'num_fields' parameters is not NULL. For just validating a template
format string, retrieved template field pointers are placed in a temporary
array.
Changelog:
- v3:
- do not check in this patch if 'fields' and 'num_fields' are NULL
(suggested by Mimi Zohar)
Signed-off-by: Roberto Sassu <roberto.sassu@polito.it>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Roberto Sassu [Mon, 13 Oct 2014 12:08:40 +0000 (14:08 +0200)]
ima: don't allocate a copy of template_fmt in template_desc_init_fields()
This patch removes the allocation of a copy of 'template_fmt', needed for
iterating over all fields in the passed template format string. The removal
was possible by replacing strcspn(), which modifies the passed string,
with strchrnul(). The currently processed template field is copied in
a temporary variable.
The purpose of this change is use template_desc_init_fields() in two ways:
for just validating a template format string (the function should work
if called by a setup function, when memory cannot be allocated), and for
actually initializing a template descriptor. The implementation of this
feature will be complete with the next patch.
Changelog:
- v3:
- added 'goto out' in template_desc_init_fields() to free allocated
memory if a template field length is not valid (suggested by
Mimi Zohar)
Signed-off-by: Roberto Sassu <roberto.sassu@polito.it>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Roberto Sassu [Mon, 13 Oct 2014 12:08:39 +0000 (14:08 +0200)]
ima: display template format in meas. list if template name length is zero
With the introduction of the 'ima_template_fmt' kernel cmdline parameter,
a user can define a new template descriptor with custom format. However,
in this case, userspace tools will be unable to parse the measurements
list because the new template is unknown. For this reason, this patch
modifies the current IMA behavior to display in the list the template
format instead of the name (only if the length of the latter is zero)
so that a tool can extract needed information if it can handle listed
fields.
This patch also correctly displays the error log message in
ima_init_template() if the selected template cannot be initialized.
Changelog:
- v3:
- check the first byte of 'e->template_desc->name' instead of using
strlen() in ima_fs.c (suggested by Mimi Zohar)
- v2:
- print the template format in ima_init_template(), if the selected
template is custom (Roberto Sassu)
- v1:
- fixed patch description (Roberto Sassu, suggested by Mimi Zohar)
- set 'template_name' variable in ima_fs.c only once
(Roberto Sassu, suggested by Mimi Zohar)
Signed-off-by: Roberto Sassu <roberto.sassu@polito.it>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Roberto Sassu [Mon, 13 Oct 2014 12:08:38 +0000 (14:08 +0200)]
ima: added error messages to template-related functions
This patch adds some error messages to inform users about the following
events: template descriptor not found, invalid template descriptor,
template field not found and template initialization failed.
Changelog:
- v2:
- display an error message if the format string contains too many
fields (Roberto Sassu)
Signed-off-by: Roberto Sassu <roberto.sassu@polito.it>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Dmitry Kasatkin [Fri, 3 Oct 2014 11:40:21 +0000 (14:40 +0300)]
ima: use atomic bit operations to protect policy update interface
The current implementation uses an atomic counter to provide exclusive
access to the sysfs 'policy' entry to update the IMA policy. While it is
highly unlikely, the usage of a counter might potentially allow another
process to overflow the counter, open the interface and insert additional
rules into the policy being loaded.
This patch replaces using an atomic counter with atomic bit operations
which is more reliable and a widely used method to provide exclusive access.
As bit operation keep the interface locked after successful update, it makes
it unnecessary to verify if the default policy was set or not during parsing
and interface closing. This patch also removes that code.
Changes in v3:
* move audit log message to ima_relead_policy() to report successful and
unsuccessful result
* unnecessary comment removed
Changes in v2:
* keep interface locked after successful policy load as in original design
* remove sysfs entry as in original design
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Dmitry Kasatkin [Fri, 3 Oct 2014 11:40:20 +0000 (14:40 +0300)]
ima: ignore empty and with whitespaces policy lines
Empty policy lines cause parsing failures which is, especially
for new users, hard to spot. This patch prevents it.
Changes in v2:
* strip leading blanks and tabs in rules to prevent parsing failures
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Dmitry Kasatkin [Fri, 3 Oct 2014 11:40:19 +0000 (14:40 +0300)]
ima: no need to allocate entry for comment
If a rule is a comment, there is no need to allocate an entry.
Move the checking for comments before allocating the entry.
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Dmitry Kasatkin [Fri, 3 Oct 2014 11:40:18 +0000 (14:40 +0300)]
ima: report policy load status
Audit messages are rate limited, often causing the policy update
info to not be visible. Report policy loading status also using
pr_info.
Changes in v2:
* reporting moved to ima_release_policy to notice parsing errors
* reporting both completed and failed status
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Dmitry Kasatkin [Wed, 1 Oct 2014 18:43:10 +0000 (21:43 +0300)]
ima: use path names cache
__getname() uses slab allocation which is faster than kmalloc.
Make use of it.
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Dmitry Kasatkin [Wed, 1 Oct 2014 18:43:08 +0000 (21:43 +0300)]
evm: skip replacing EVM signature with HMAC on read-only filesystem
If filesystem is mounted read-only or file is immutable, updating
xattr will fail. This is a usual case during early boot until
filesystem is remount read-write. This patch verifies conditions
to skip unnecessary attempt to calculate HMAC and set xattr.
Changes in v2:
* indention changed according to Lindent (requested by Mimi)
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Dmitry Kasatkin [Wed, 1 Oct 2014 18:43:07 +0000 (21:43 +0300)]
integrity: add missing '__init' keyword for integrity_init_keyring()
integrity_init_keyring() is used only from kernel '__init'
functions. Add it there as well.
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Dmitry Kasatkin [Wed, 24 Sep 2014 08:05:10 +0000 (11:05 +0300)]
ima: check ima_policy_flag in the ima_file_free() hook
This patch completes the switching to the 'ima_policy_flag' variable
in the checks at the beginning of IMA functions, starting with the
commit
a756024e.
Checking 'iint_initialized' is completely unnecessary, because
S_IMA flag is unset if iint was not allocated. At the same time
the integrity cache is allocated with SLAB_PANIC and the kernel will
panic if the allocation fails during kernel initialization. So on
a running system iint_initialized is always true and can be removed.
Changes in v3:
* not limiting test to IMA_APPRAISE (spotted by Roberto Sassu)
Changes in v2:
* 'iint_initialized' removal patch merged to this patch (requested
by Mimi)
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Acked-by: Roberto Sassu <roberto.sassu@polito.it>
Dmitry Kasatkin [Mon, 6 Oct 2014 16:31:58 +0000 (17:31 +0100)]
integrity: do zero padding of the key id
Latest KEYS code return error if hexadecimal string length id odd.
Fix it.
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Dmitry Kasatkin [Mon, 6 Oct 2014 16:25:45 +0000 (17:25 +0100)]
KEYS: output last portion of fingerprint in /proc/keys
Previous version of KEYS used to output last 4 bytes of fingerprint.
Now it outputs 8 last bytes of raw subject, which does not make any
visual meaning at all. This patch restores old behavior.
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Dmitry Kasatkin [Mon, 6 Oct 2014 16:02:32 +0000 (17:02 +0100)]
KEYS: strip 'id:' from ca_keyid
The 'id:' prefix must be stripped for asymmetric_key_hex_to_key_id() to be
able to process ca_keyid.
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Dmitry Kasatkin [Mon, 6 Oct 2014 15:52:12 +0000 (16:52 +0100)]
KEYS: use swapped SKID for performing partial matching
Earlier KEYS code used pure subject key identifiers (fingerprint)
for searching keys. Latest merged code removed that and broke
compatibility with integrity subsytem signatures and original
format of module signatures.
This patch returns back partial matching on SKID.
Reported-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Dmitry Kasatkin [Mon, 6 Oct 2014 14:21:05 +0000 (15:21 +0100)]
KEYS: Restore partial ID matching functionality for asymmetric keys
Bring back the functionality whereby an asymmetric key can be matched with a
partial match on one of its IDs.
Whilst we're at it, allow for the possibility of having an increased number of
IDs.
Reported-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Linus Torvalds [Sun, 5 Oct 2014 19:23:04 +0000 (12:23 -0700)]
Linux 3.17
Linus Torvalds [Sun, 5 Oct 2014 17:16:11 +0000 (10:16 -0700)]
Merge tag 'scsi-fixes' of git://git./linux/kernel/git/jejb/scsi
Pull SCSI fixes from James Bottomley:
"This is a set of two small fixes, both to code which went in during
the merge window: cxgb4i has a scheduling in atomic bug in its new
ipv6 code and uas fails to work properly with the new scsi-mq code"
* tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
[SCSI] uas: disable use of blk-mq I/O path
[SCSI] cxgb4i: avoid holding mutex in interrupt context
Linus Torvalds [Sat, 4 Oct 2014 16:32:47 +0000 (09:32 -0700)]
Merge tag 'tiny/kconfig-for-3.17' of https://git./linux/kernel/git/josh/linux
Pull kconfig fixes for tiny setups from Josh Triplett:
"Two Kconfig bugfixes for 3.17 related to tinification. These fixes
make the Kconfig "General Setup" menu much more usable"
* tag 'tiny/kconfig-for-3.17' of https://git.kernel.org/pub/scm/linux/kernel/git/josh/linux:
init/Kconfig: Fix HAVE_FUTEX_CMPXCHG to not break up the EXPERT menu
init/Kconfig: Hide printk log config if CONFIG_PRINTK=n
Josh Triplett [Fri, 3 Oct 2014 23:19:24 +0000 (16:19 -0700)]
init/Kconfig: Fix HAVE_FUTEX_CMPXCHG to not break up the EXPERT menu
commit
03b8c7b623c80af264c4c8d6111e5c6289933666 ("futex: Allow
architectures to skip futex_atomic_cmpxchg_inatomic() test") added the
HAVE_FUTEX_CMPXCHG symbol right below FUTEX. This placed it right in
the middle of the options for the EXPERT menu. However,
HAVE_FUTEX_CMPXCHG does not depend on EXPERT or FUTEX, so Kconfig stops
placing items in the EXPERT menu, and displays the remaining several
EXPERT items (starting with EPOLL) directly in the General Setup menu.
Since both users of HAVE_FUTEX_CMPXCHG only select it "if FUTEX", make
HAVE_FUTEX_CMPXCHG itself depend on FUTEX. With this change, the
subsequent items display as part of the EXPERT menu again; the EMBEDDED
menu now appears as the next top-level item in the General Setup menu,
which makes General Setup much shorter and more usable.
Signed-off-by: Josh Triplett <josh@joshtriplett.org>
Acked-by: Randy Dunlap <rdunlap@infradead.org>
Cc: stable <stable@vger.kernel.org>
Josh Triplett [Fri, 3 Oct 2014 23:00:54 +0000 (16:00 -0700)]
init/Kconfig: Hide printk log config if CONFIG_PRINTK=n
The buffers sized by CONFIG_LOG_BUF_SHIFT and
CONFIG_LOG_CPU_MAX_BUF_SHIFT do not exist if CONFIG_PRINTK=n, so don't
ask about their size at all.
Signed-off-by: Josh Triplett <josh@joshtriplett.org>
Acked-by: Randy Dunlap <rdunlap@infradead.org>
Cc: stable <stable@vger.kernel.org>
Linus Torvalds [Fri, 3 Oct 2014 21:20:44 +0000 (14:20 -0700)]
Merge branch 'i2c/for-current' of git://git./linux/kernel/git/wsa/linux
Pull i2c fixes from Wolfram Sang:
"Two i2c driver bugfixes"
* 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux:
i2c: qup: Fix order of runtime pm initialization
i2c: rk3x: fix 0 length write transfers
Linus Torvalds [Fri, 3 Oct 2014 20:31:57 +0000 (13:31 -0700)]
Merge tag 'trace-fixes-v3.17-rc7' of git://git./linux/kernel/git/rostedt/linux-trace
Pull trace ring buffer iterator fix from Steven Rostedt:
"While testing some new changes for 3.18, I kept hitting a bug every so
often in the ring buffer. At first I thought it had to do with some
of the changes I was working on, but then testing something else I
realized that the bug was in 3.17 itself. I ran several bisects as
the bug was not very reproducible, and finally came up with the commit
that I could reproduce easily within a few minutes, and without the
change I could run the tests over an hour without issue. The change
fit the bug and I figured out a fix. That bad commit was:
Commit
651e22f2701b "ring-buffer: Always reset iterator to reader page"
This commit fixed a bug, but in the process created another one. It
used the wrong value as the cached value that is used to see if things
changed while an iterator was in use. This made it look like a change
always happened, and could cause the iterator to go into an infinite
loop"
* tag 'trace-fixes-v3.17-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace:
ring-buffer: Fix infinite spin in reading buffer
Linus Torvalds [Fri, 3 Oct 2014 20:09:57 +0000 (13:09 -0700)]
Merge branch 'for-linus' of git://git.samba.org/sfrench/cifs-2.6
Pull cifs/smb3 fixes from Steve French:
"Fix for CIFS/SMB3 oops on reconnect during readpages (3.17 regression)
and for incorrectly closing file handle in symlink error cases"
* 'for-linus' of git://git.samba.org/sfrench/cifs-2.6:
CIFS: Fix readpages retrying on reconnects
Fix problem recognizing symlinks
Linus Torvalds [Fri, 3 Oct 2014 15:40:37 +0000 (08:40 -0700)]
Merge tag 'md/3.17-final-fix' of git://neil.brown.name/md
Pull raid5 discard fix from Neil Brown:
"One fix for raid5 discard issue"
* tag 'md/3.17-final-fix' of git://neil.brown.name/md:
md/raid5: disable 'DISCARD' by default due to safety concerns.
Linus Torvalds [Fri, 3 Oct 2014 15:31:14 +0000 (08:31 -0700)]
Merge branch 'drm-fixes' of git://people.freedesktop.org/~airlied/linux
Pull drm fixes from Dave Airlie:
"Nothing too major or scary.
One i915 regression fix, nouveau has a tmds regression fix, along with
a regression fix for the runtime pm code for optimus laptops not
restoring the display hw correctly"
* 'drm-fixes' of git://people.freedesktop.org/~airlied/linux:
drm/nouveau: make sure display hardware is reinitialised on runtime resume
drm/nouveau: punt fbcon resume out to a workqueue
drm/nouveau: fix regression on original nv50 board
drm/nv50/disp: fix dpms regression on certain boards
drm/i915: Flush the PTEs after updating them before suspend
David Howells [Fri, 3 Oct 2014 15:17:02 +0000 (16:17 +0100)]
X.509: If available, use the raw subjKeyId to form the key description
Module signing matches keys by comparing against the key description exactly.
However, the way the key description gets constructed got changed to be
composed of the subject name plus the certificate serial number instead of the
subject name and the subjectKeyId. I changed this to avoid problems with
certificates that don't *have* a subjectKeyId.
Instead, if available, use the raw subjectKeyId to form the key description
and only use the serial number if the subjectKeyId doesn't exist.
Reported-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Dmitry Kasatkin [Fri, 3 Oct 2014 08:53:28 +0000 (11:53 +0300)]
KEYS: handle error code encoded in pointer
If hexlen is odd then function returns an error.
Use IS_ERR to check for error, otherwise invalid pointer
is used and kernel gives oops:
[ 132.816522] BUG: unable to handle kernel paging request at
ffffffffffffffea
[ 132.819902] IP: [<
ffffffff812bfc20>] asymmetric_key_id_same+0x14/0x36
[ 132.820302] PGD
1a12067 PUD
1a14067 PMD 0
[ 132.820302] Oops: 0000 [#1] SMP
[ 132.820302] Modules linked in: bridge(E) stp(E) llc(E) evdev(E)
serio_raw(E) i2c_piix4(E) button(E) fuse(E)
[ 132.820302] CPU: 0 PID: 2993 Comm: cat Tainted: G E
3.16.0-kds+ #2847
[ 132.820302] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 132.820302] task:
ffff88004249a430 ti:
ffff880056640000 task.ti:
ffff880056640000
[ 132.820302] RIP: 0010:[<
ffffffff812bfc20>] [<
ffffffff812bfc20>]
asymmetric_key_id_same+0x14/0x36
[ 132.820302] RSP: 0018:
ffff880056643930 EFLAGS:
00010246
[ 132.820302] RAX:
0000000000000000 RBX:
ffffffffffffffea RCX:
ffff880056643ae0
[ 132.820302] RDX:
000000000000005e RSI:
ffffffffffffffea RDI:
ffff88005bac9300
[ 132.820302] RBP:
ffff880056643948 R08:
0000000000000003 R09:
00000007504aa01a
[ 132.820302] R10:
0000000000000000 R11:
0000000000000000 R12:
ffff88005d68ca40
[ 132.820302] R13:
0000000000000101 R14:
0000000000000000 R15:
ffff88005bac5280
[ 132.820302] FS:
00007f67a153c740(0000) GS:
ffff88005da00000(0000)
knlGS:
0000000000000000
[ 132.820302] CS: 0010 DS: 0000 ES: 0000 CR0:
000000008005003b
[ 132.820302] CR2:
ffffffffffffffea CR3:
000000002e663000 CR4:
00000000000006f0
[ 132.820302] Stack:
[ 132.820302]
ffffffff812bfc66 ffff880056643ae0 ffff88005bac5280
ffff880056643958
[ 132.820302]
ffffffff812bfc9d ffff880056643980 ffffffff812971d9
ffff88005ce930c1
[ 132.820302]
ffff88005ce930c0 0000000000000000 ffff8800566439c8
ffffffff812fb753
[ 132.820302] Call Trace:
[ 132.820302] [<
ffffffff812bfc66>] ? asymmetric_match_key_ids+0x24/0x42
[ 132.820302] [<
ffffffff812bfc9d>] asymmetric_key_cmp+0x19/0x1b
[ 132.820302] [<
ffffffff812971d9>] keyring_search_iterator+0x74/0xd7
[ 132.820302] [<
ffffffff812fb753>] assoc_array_subtree_iterate+0x67/0xd2
[ 132.820302] [<
ffffffff81297165>] ? key_default_cmp+0x20/0x20
[ 132.820302] [<
ffffffff812fbaa1>] assoc_array_iterate+0x19/0x1e
[ 132.820302] [<
ffffffff81297332>] search_nested_keyrings+0xf6/0x2b6
[ 132.820302] [<
ffffffff810728da>] ? sched_clock_cpu+0x91/0xa2
[ 132.820302] [<
ffffffff810860d2>] ? mark_held_locks+0x58/0x6e
[ 132.820302] [<
ffffffff810a137d>] ? current_kernel_time+0x77/0xb8
[ 132.820302] [<
ffffffff81297871>] keyring_search_aux+0xe1/0x14c
[ 132.820302] [<
ffffffff812977fc>] ? keyring_search_aux+0x6c/0x14c
[ 132.820302] [<
ffffffff8129796b>] keyring_search+0x8f/0xb6
[ 132.820302] [<
ffffffff812bfc84>] ? asymmetric_match_key_ids+0x42/0x42
[ 132.820302] [<
ffffffff81297165>] ? key_default_cmp+0x20/0x20
[ 132.820302] [<
ffffffff812ab9e3>] asymmetric_verify+0xa4/0x214
[ 132.820302] [<
ffffffff812ab90e>] integrity_digsig_verify+0xb1/0xe2
[ 132.820302] [<
ffffffff812abe41>] ? evm_verifyxattr+0x6a/0x7a
[ 132.820302] [<
ffffffff812b0390>] ima_appraise_measurement+0x160/0x370
[ 132.820302] [<
ffffffff81161db2>] ? d_absolute_path+0x5b/0x7a
[ 132.820302] [<
ffffffff812ada30>] process_measurement+0x322/0x404
Reported-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Christoph Hellwig [Fri, 3 Oct 2014 08:47:09 +0000 (01:47 -0700)]
[SCSI] uas: disable use of blk-mq I/O path
The uas driver uses the block layer tag for USB3 stream IDs. With
blk-mq we can get larger tag numbers that the queue depth, which breaks
this assumption. A fix is under way for 3.18, but sits on top of
large changes so can't easily be backported. Set the disable_blk_mq
path so that a uas device can't easily crash the system when using
blk-mq for SCSI.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Acked-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: James Bottomley <JBottomley@Parallels.com>
Linus Torvalds [Fri, 3 Oct 2014 01:47:28 +0000 (18:47 -0700)]
Merge tag 'pm+acpi-3.17-final' of git://git./linux/kernel/git/rafael/linux-pm
Pull ACPI and power management fixes from Rafael Wysocki:
"These are three regression fixes (cpufreq core, pcc-cpufreq, i915 /
ACPI) and one trivial fix for a callback return value mismatch in the
cpufreq integrator driver.
Specifics:
- A recent cpufreq core fix went too far and introduced a regression
in the system suspend code path. Fix from Viresh Kumar.
- An ACPI-related commit in the i915 driver that fixed backlight
problems for some Thinkpads inadvertently broke a Dell machine (in
3.16). Fix from Aaron Lu.
- The pcc-cpufreq driver was broken during the 3.15 cycle by a commit
that put wait_event() under a spinlock by mistake. Fix that
(Rafael J Wysocki).
- The return value type of integrator_cpufreq_remove() is void, but
should be int. Fix from Arnd Bergmann"
* tag 'pm+acpi-3.17-final' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
cpufreq: update 'cpufreq_suspended' after stopping governors
ACPI / i915: Update the condition to ignore firmware backlight change request
cpufreq: integrator: fix integrator_cpufreq_remove return type
cpufreq: pcc-cpufreq: Fix wait_event() under spinlock
Dave Airlie [Fri, 3 Oct 2014 01:38:16 +0000 (11:38 +1000)]
Merge tag 'drm-intel-fixes-2014-10-02' of git://anongit.freedesktop.org/drm-intel into drm-fixes
final regression fix for 3.17.
* tag 'drm-intel-fixes-2014-10-02' of git://anongit.freedesktop.org/drm-intel:
drm/i915: Flush the PTEs after updating them before suspend
Andy Gross [Mon, 29 Sep 2014 22:00:51 +0000 (17:00 -0500)]
i2c: qup: Fix order of runtime pm initialization
The runtime pm calls need to be done before populating the children via the
i2c_add_adapter call. If this is not done, a child can run into issues trying
to do i2c read/writes due to the pm_runtime_sync failing.
Signed-off-by: Andy Gross <agross@codeaurora.org>
Reviewed-by: Felipe Balbi <balbi@ti.com>
Acked-by: Bjorn Andersson <bjorn.andersson@sonymobile.com>
Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
Cc: stable@kernel.org
Alexandru M Stan [Wed, 1 Oct 2014 17:40:41 +0000 (10:40 -0700)]
i2c: rk3x: fix 0 length write transfers
i2cdetect -q was broken (everything was a false positive, and no transfers were
actually being sent over i2c). The way it works is by sending a 0 length write
request and checking for NACK. This patch fixes the 0 length writes and actually
sends them.
Reported-by: Doug Anderson <dianders@chromium.org>
Signed-off-by: Alexandru M Stan <amstan@chromium.org>
Tested-by: Doug Anderson <dianders@chromium.org>
Tested-by: Max Schwarz <max.schwarz@online.de>
Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
Cc: stable@kernel.org
Rafael J. Wysocki [Fri, 3 Oct 2014 01:10:07 +0000 (03:10 +0200)]
Merge branches 'pm-cpufreq' and 'acpi-video'
* pm-cpufreq:
cpufreq: update 'cpufreq_suspended' after stopping governors
cpufreq: integrator: fix integrator_cpufreq_remove return type
cpufreq: pcc-cpufreq: Fix wait_event() under spinlock
* acpi-video:
ACPI / i915: Update the condition to ignore firmware backlight change request
Linus Torvalds [Thu, 2 Oct 2014 23:29:19 +0000 (16:29 -0700)]
Merge branch 'akpm' (fixes from Andrew Morton)
Merge fixes from Andrew Morton:
"5 fixes"
* emailed patches from Andrew Morton <akpm@linux-foundation.org>:
mm: page_alloc: fix zone allocation fairness on UP
perf: fix perf bug in fork()
MAINTAINERS: change git URL for mpc5xxx tree
mm: memcontrol: do not iterate uninitialized memcgs
ocfs2/dlm: should put mle when goto kill in dlm_assert_master_handler
Johannes Weiner [Thu, 2 Oct 2014 23:21:10 +0000 (16:21 -0700)]
mm: page_alloc: fix zone allocation fairness on UP
The zone allocation batches can easily underflow due to higher-order
allocations or spills to remote nodes. On SMP that's fine, because
underflows are expected from concurrency and dealt with by returning 0.
But on UP, zone_page_state will just return a wrapped unsigned long,
which will get past the <= 0 check and then consider the zone eligible
until its watermarks are hit.
Commit
3a025760fc15 ("mm: page_alloc: spill to remote nodes before
waking kswapd") already made the counter-resetting use
atomic_long_read() to accomodate underflows from remote spills, but it
didn't go all the way with it.
Make it clear that these batches are expected to go negative regardless
of concurrency, and use atomic_long_read() everywhere.
Fixes: 81c0a2bb515f ("mm: page_alloc: fair zone allocator policy")
Reported-by: Vlastimil Babka <vbabka@suse.cz>
Reported-by: Leon Romanovsky <leon@leon.nu>
Signed-off-by: Johannes Weiner <hannes@cmpxchg.org>
Acked-by: Mel Gorman <mgorman@suse.de>
Cc: <stable@vger.kernel.org> [3.12+]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Peter Zijlstra [Thu, 2 Oct 2014 23:17:02 +0000 (16:17 -0700)]
perf: fix perf bug in fork()
Oleg noticed that a cleanup by Sylvain actually uncovered a bug; by
calling perf_event_free_task() when failing sched_fork() we will not yet
have done the memset() on ->perf_event_ctxp[] and will therefore try and
'free' the inherited contexts, which are still in use by the parent
process. This is bad..
Suggested-by: Oleg Nesterov <oleg@redhat.com>
Reported-by: Oleg Nesterov <oleg@redhat.com>
Reported-by: Sylvain 'ythier' Hitier <sylvain.hitier@gmail.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Ingo Molnar <mingo@kernel.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Anatolij Gustschin [Thu, 2 Oct 2014 23:16:59 +0000 (16:16 -0700)]
MAINTAINERS: change git URL for mpc5xxx tree
The repository for mpc5xxx has been moved, update git URL to new
location.
Signed-off-by: Anatolij Gustschin <agust@denx.de>
Cc: David Howells <dhowells@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Johannes Weiner [Thu, 2 Oct 2014 23:16:57 +0000 (16:16 -0700)]
mm: memcontrol: do not iterate uninitialized memcgs
The cgroup iterators yield css objects that have not yet gone through
css_online(), but they are not complete memcgs at this point and so the
memcg iterators should not return them. Commit
d8ad30559715 ("mm/memcg:
iteration skip memcgs not yet fully initialized") set out to implement
exactly this, but it uses CSS_ONLINE, a cgroup-internal flag that does
not meet the ordering requirements for memcg, and so the iterator may
skip over initialized groups, or return partially initialized memcgs.
The cgroup core can not reasonably provide a clear answer on whether the
object around the css has been fully initialized, as that depends on
controller-specific locking and lifetime rules. Thus, introduce a
memcg-specific flag that is set after the memcg has been initialized in
css_online(), and read before mem_cgroup_iter() callers access the memcg
members.
Signed-off-by: Johannes Weiner <hannes@cmpxchg.org>
Cc: Tejun Heo <tj@kernel.org>
Acked-by: Michal Hocko <mhocko@suse.cz>
Cc: Hugh Dickins <hughd@google.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: <stable@vger.kernel.org> [3.12+]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
alex chen [Thu, 2 Oct 2014 23:16:55 +0000 (16:16 -0700)]
ocfs2/dlm: should put mle when goto kill in dlm_assert_master_handler
In dlm_assert_master_handler, the mle is get in dlm_find_mle, should be
put when goto kill, otherwise, this mle will never be released.
Signed-off-by: Alex Chen <alex.chen@huawei.com>
Reviewed-by: Joseph Qi <joseph.qi@huawei.com>
Reviewed-by: joyce.xue <xuejiufei@huawei.com>
Cc: Mark Fasheh <mfasheh@suse.com>
Cc: Joel Becker <jlbec@evilplan.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Linus Torvalds [Thu, 2 Oct 2014 23:10:38 +0000 (16:10 -0700)]
Merge tag 'media/v3.17-rc8' of git://git./linux/kernel/git/mchehab/linux-media
Pull media fix from Mauro Carvalho Chehab:
"One last time regression fix at em28xx. The removal of .reset_resume
broke suspend/resume on this driver for some devices.
There are more fixes to be done for em28xx suspend/resume to be better
handled, but I'm opting to let them to stay for a while at the media
devel tree, in order to get more tests. So, for now, let's just
revert this patch"
* tag 'media/v3.17-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media:
Revert "[media] media: em28xx - remove reset_resume interface"
Steven Rostedt (Red Hat) [Thu, 2 Oct 2014 20:51:18 +0000 (16:51 -0400)]
ring-buffer: Fix infinite spin in reading buffer
Commit
651e22f2701b "ring-buffer: Always reset iterator to reader page"
fixed one bug but in the process caused another one. The reset is to
update the header page, but that fix also changed the way the cached
reads were updated. The cache reads are used to test if an iterator
needs to be updated or not.
A ring buffer iterator, when created, disables writes to the ring buffer
but does not stop other readers or consuming reads from happening.
Although all readers are synchronized via a lock, they are only
synchronized when in the ring buffer functions. Those functions may
be called by any number of readers. The iterator continues down when
its not interrupted by a consuming reader. If a consuming read
occurs, the iterator starts from the beginning of the buffer.
The way the iterator sees that a consuming read has happened since
its last read is by checking the reader "cache". The cache holds the
last counts of the read and the reader page itself.
Commit
651e22f2701b changed what was saved by the cache_read when
the rb_iter_reset() occurred, making the iterator never match the cache.
Then if the iterator calls rb_iter_reset(), it will go into an
infinite loop by checking if the cache doesn't match, doing the reset
and retrying, just to see that the cache still doesn't match! Which
should never happen as the reset is suppose to set the cache to the
current value and there's locks that keep a consuming reader from
having access to the data.
Fixes: 651e22f2701b "ring-buffer: Always reset iterator to reader page"
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
Linus Torvalds [Thu, 2 Oct 2014 19:23:10 +0000 (12:23 -0700)]
Merge branch 'parisc-3.17-8' of git://git./linux/kernel/git/deller/parisc-linux
Pull parisc fix from Helge Deller:
"One late but trivial patch to fix the serial console on parisc
machines which got broken during the 3.17 release cycle"
* 'parisc-3.17-8' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux:
parisc: Fix serial console for machines with serial port on superio chip
Pavel Shilovsky [Thu, 2 Oct 2014 16:13:35 +0000 (20:13 +0400)]
CIFS: Fix readpages retrying on reconnects
If we got a reconnect error from async readv we re-add pages back
to page_list and continue loop. That is wrong because these pages
have been already added to the pagecache but page_list has pages that
have not been added to the pagecache yet. This ends up with a general
protection fault in put_pages after readpages. Fix it by not retrying
the read of these pages and falling back to readpage instead.
Fixes debian bug 762306
Signed-off-by: Pavel Shilovsky <pshilovsky@samba.org>
Signed-off-by: Steve French <smfrench@gmail.com>
Tested-by: Arthur Marsh <arthur.marsh@internode.on.net>
Steve French [Thu, 25 Sep 2014 06:26:55 +0000 (01:26 -0500)]
Fix problem recognizing symlinks
Changeset
eb85d94bd introduced a problem where if a cifs open
fails during query info of a file we
will still try to close the file (happens with certain types
of reparse points) even though the file handle is not valid.
In addition for SMB2/SMB3 we were not mapping the return code returned
by Windows when trying to open a file (like a Windows NFS symlink)
which is a reparse point.
Signed-off-by: Steve French <smfrench@gmail.com>
Reviewed-by: Pavel Shilovsky <pshilovsky@samba.org>
CC: stable <stable@vger.kernel.org> #v3.13+
Linus Torvalds [Thu, 2 Oct 2014 18:57:52 +0000 (11:57 -0700)]
Merge branch 'numa-migration-fixes' (fixes from Mel Gorman)
Merge NUMA balancing related fixlets from Mel Gorman:
"There were a few minor changes so am resending just the two patches
that are mostly likely to affect the bug Dave and Sasha saw and marked
them for stable.
I'm less confident it will address Sasha's problem because while I
have not kept up to date, I believe he's also seeing memory corruption
issues in next from an unknown source. Still, it would be nice to see
how they affect trinity testing.
I'll send the MPOL_MF_LAZY patch separately because it's not urgent"
* emailed patches from Mel Gorman <mgorman@suse.de>:
mm: numa: Do not mark PTEs pte_numa when splitting huge pages
mm: migrate: Close race between migration completion and mprotect
Mel Gorman [Thu, 2 Oct 2014 18:47:42 +0000 (19:47 +0100)]
mm: numa: Do not mark PTEs pte_numa when splitting huge pages
This patch reverts
1ba6e0b50b ("mm: numa: split_huge_page: transfer the
NUMA type from the pmd to the pte"). If a huge page is being split due
a protection change and the tail will be in a PROT_NONE vma then NUMA
hinting PTEs are temporarily created in the protected VMA.
VM_RW|VM_PROTNONE
|-----------------|
^
split here
In the specific case above, it should get fixed up by change_pte_range()
but there is a window of opportunity for weirdness to happen. Similarly,
if a huge page is shrunk and split during a protection update but before
pmd_numa is cleared then a pte_numa can be left behind.
Instead of adding complexity trying to deal with the case, this patch
will not mark PTEs NUMA when splitting a huge page. NUMA hinting faults
will not be triggered which is marginal in comparison to the complexity
in dealing with the corner cases during THP split.
Cc: stable@vger.kernel.org
Signed-off-by: Mel Gorman <mgorman@suse.de>
Acked-by: Rik van Riel <riel@redhat.com>
Acked-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Mel Gorman [Thu, 2 Oct 2014 18:47:41 +0000 (19:47 +0100)]
mm: migrate: Close race between migration completion and mprotect
A migration entry is marked as write if pte_write was true at the time the
entry was created. The VMA protections are not double checked when migration
entries are being removed as mprotect marks write-migration-entries as
read. It means that potentially we take a spurious fault to mark PTEs write
again but it's straight-forward. However, there is a race between write
migrations being marked read and migrations finishing. This potentially
allows a PTE to be write that should have been read. Close this race by
double checking the VMA permissions using maybe_mkwrite when migration
completes.
[torvalds@linux-foundation.org: use maybe_mkwrite]
Cc: stable@vger.kernel.org
Signed-off-by: Mel Gorman <mgorman@suse.de>
Acked-by: Rik van Riel <riel@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Linus Torvalds [Thu, 2 Oct 2014 16:42:28 +0000 (09:42 -0700)]
Merge tag 'sound-3.17' of git://git./linux/kernel/git/tiwai/sound
Pull sound fixes from Takashi Iwai:
"Just a few pending bits of random fixes in ASoC. Nothing exciting,
but would be nice to be merged in 3.17, as most of them are also for
stable kernels"
* tag 'sound-3.17' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
ASoC: ssm2602: do not hardcode type to SSM2602
ASoC: core: fix possible ZERO_SIZE_PTR pointer dereferencing error.
MAINTAINERS: add atmel audio alsa driver maintainer entry
ASoC: rt286: Fix sync function
ASoC: rt286: Correct default value
ASoC: soc-compress: fix double unlock of fe card mutex
ASoC: fsl_ssi: fix kernel panic in probe function
James Morris [Thu, 2 Oct 2014 09:47:23 +0000 (19:47 +1000)]
Merge branch 'next' of git://git./linux/kernel/git/zohar/linux-integrity into next
Dave Airlie [Thu, 2 Oct 2014 04:48:20 +0000 (14:48 +1000)]
Merge branch 'linux-3.17' of git://anongit.freedesktop.org/git/nouveau/linux-2.6 into drm-fixes
A few regression fixes, the runpm ones dating back to 3.15. Also a fairly severe TMDS regression that effected a lot of GF8/9/GT2xx users.
* 'linux-3.17' of git://anongit.freedesktop.org/git/nouveau/linux-2.6:
drm/nouveau: make sure display hardware is reinitialised on runtime resume
drm/nouveau: punt fbcon resume out to a workqueue
drm/nouveau: fix regression on original nv50 board
drm/nv50/disp: fix dpms regression on certain boards
Linus Torvalds [Thu, 2 Oct 2014 04:29:06 +0000 (21:29 -0700)]
Merge git://git./linux/kernel/git/davem/net
Pull networking fixes from David Miller:
1) Don't halt the firmware in r8152 driver, from Hayes Wang.
2) Handle full sized 802.1ad frames in bnx2 and tg3 drivers properly,
from Vlad Yasevich.
3) Don't sleep while holding tx_clean_lock in netxen driver, fix from
Manish Chopra.
4) Certain kinds of ipv6 routes can end up endlessly failing the route
validation test, causing it to be re-looked up over and over again.
This particularly kills input route caching in TCP sockets. Fix
from Hannes Frederic Sowa.
5) netvsc_start_xmit() has a use-after-free access to skb->len, fix
from K Y Srinivasan.
6) Fix matching of inverted containers in ematch module, from Ignacy
Gawędzki.
7) Aggregation of GRO frames via SKB ->frag_list for linear skbs isn't
handled properly, regression fix from Eric Dumazet.
8) Don't test return value of ipv4_neigh_lookup(), which returns an
error pointer, against NULL. From WANG Cong.
9) Fix an old regression where we mistakenly allow a double add of the
same tunnel. Fixes from Steffen Klassert.
10) macvtap device delete and open can run in parallel and corrupt lists
etc., fix from Vlad Yasevich.
11) Fix build error with IPV6=m NETFILTER_XT_TARGET_TPROXY=y, from Pablo
Neira Ayuso.
12) rhashtable_destroy() triggers lockdep splats, fix also from Pablo.
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (32 commits)
bna: Update Maintainer Email
r8152: disable power cut for RTL8153
r8152: remove clearing bp
bnx2: Correctly receive full sized 802.1ad fragmes
tg3: Allow for recieve of full-size 8021AD frames
r8152: fix setting RTL8152_UNPLUG
netxen: Fix bug in Tx completion path.
netxen: Fix BUG "sleeping function called from invalid context"
ipv6: remove rt6i_genid
hyperv: Fix a bug in netvsc_start_xmit()
net: stmmac: fix stmmac_pci_probe failed when CONFIG_HAVE_CLK is selected
ematch: Fix matching of inverted containers.
gro: fix aggregation for skb using frag_list
neigh: check error pointer instead of NULL for ipv4_neigh_lookup()
ip6_gre: Return an error when adding an existing tunnel.
ip6_vti: Return an error when adding an existing tunnel.
ip6_tunnel: Return an error when adding an existing tunnel.
ip6gre: add a rtnl link alias for ip6gretap
net/mlx4_core: Allow not to specify probe_vf in SRIOV IB mode
r8152: fix the carrier off when autoresuming
...
NeilBrown [Thu, 2 Oct 2014 03:45:00 +0000 (13:45 +1000)]
md/raid5: disable 'DISCARD' by default due to safety concerns.
It has come to my attention (thanks Martin) that 'discard_zeroes_data'
is only a hint. Some devices in some cases don't do what it
says on the label.
The use of DISCARD in RAID5 depends on reads from discarded regions
being predictably zero. If a write to a previously discarded region
performs a read-modify-write cycle it assumes that the parity block
was consistent with the data blocks. If all were zero, this would
be the case. If some are and some aren't this would not be the case.
This could lead to data corruption after a device failure when
data needs to be reconstructed from the parity.
As we cannot trust 'discard_zeroes_data', ignore it by default
and so disallow DISCARD on all raid4/5/6 arrays.
As many devices are trustworthy, and as there are benefits to using
DISCARD, add a module parameter to over-ride this caution and cause
DISCARD to work if discard_zeroes_data is set.
If a site want to enable DISCARD on some arrays but not on others they
should select DISCARD support at the filesystem level, and set the
raid456 module parameter.
raid456.devices_handle_discard_safely=Y
As this is a data-safety issue, I believe this patch is suitable for
-stable.
DISCARD support for RAID456 was added in 3.7
Cc: Shaohua Li <shli@kernel.org>
Cc: "Martin K. Petersen" <martin.petersen@oracle.com>
Cc: Mike Snitzer <snitzer@redhat.com>
Cc: Heinz Mauelshagen <heinzm@redhat.com>
Cc: stable@vger.kernel.org (3.7+)
Acked-by: Martin K. Petersen <martin.petersen@oracle.com>
Acked-by: Mike Snitzer <snitzer@redhat.com>
Fixes: 620125f2bf8ff0c4969b79653b54d7bcc9d40637
Signed-off-by: NeilBrown <neilb@suse.de>
Ben Skeggs [Thu, 2 Oct 2014 03:22:27 +0000 (13:22 +1000)]
drm/nouveau: make sure display hardware is reinitialised on runtime resume
Linus commit
05c63c2ff23a80b654d6c088ac3ba21628db0173 modified the
runtime suspend/resume paths to skip over display-related tasks to
avoid locking issues on resume.
Unfortunately, this resulted in the display hardware being left in
a partially initialised state, preventing subsequent modesets from
completing.
This commit unifies the (many) suspend/resume paths, bringing back
display (and fbcon) handling in the runtime paths.
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
Ben Skeggs [Wed, 1 Oct 2014 01:11:25 +0000 (11:11 +1000)]
drm/nouveau: punt fbcon resume out to a workqueue
Preparation for some runtime pm fixes. Currently we skip over fbcon
suspend/resume in the runtime path, which causes issues on resume if
fbcon tries to write to the framebuffer before the BAR subdev has
been resumed to restore the BAR1 VM setup.
As we might be woken up via a sysfs connector, we are unable to call
fb_set_suspend() in the resume path as it could make its way down to
a modeset and cause all sorts of locking hilarity.
To solve this, we'll just delay the fbcon resume to a workqueue.
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
Ben Skeggs [Wed, 1 Oct 2014 02:46:14 +0000 (12:46 +1000)]
drm/nouveau: fix regression on original nv50 board
Xorg (and any non-DRM client really) doesn't have permission to directly
touch VRAM on nv50 and up, which the fence code prior to g84 depends on.
It's less invasive to temporarily grant it premission to do so, as it
previously did, than it is to rework fencenv50 to use the VM. That
will come later on.
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
Ben Skeggs [Tue, 30 Sep 2014 00:27:08 +0000 (10:27 +1000)]
drm/nv50/disp: fix dpms regression on certain boards
Reported in fdo#82527 comment #2.
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
Rasesh Mody [Wed, 1 Oct 2014 21:20:41 +0000 (17:20 -0400)]
bna: Update Maintainer Email
Update the maintainer email for BNA driver.
Signed-off-by: Rasesh Mody <rasesh.mody@qlogic.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Wed, 1 Oct 2014 20:46:41 +0000 (16:46 -0400)]
Merge branch 'r8152'
Hayes Wang says:
====================
r8152: patches about firmware
The patches fix the issues when the firmware exists.
For the multiple OS, the firmware may be loaded by the
driver of the other OS. And the Linux driver has influences
on it.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
hayeswang [Wed, 1 Oct 2014 05:25:11 +0000 (13:25 +0800)]
r8152: disable power cut for RTL8153
The firmware would be clear when the power cut is enabled for
RTL8153.
Signed-off-by: Hayes Wang <hayeswang@realtek.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
hayeswang [Wed, 1 Oct 2014 05:25:10 +0000 (13:25 +0800)]
r8152: remove clearing bp
The xxx_clear_bp() is used to halt the firmware. It only necessary
for updating the new firmware. Besides, depend on the version of
the current firmware, it may have problem to halt the firmware
directly. Finally, halt the firmware would let the firmware code
useless, and the bugs which are fixed by the firmware would occur.
Signed-off-by: Hayes Wang <hayeswang@realtek.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Vlad Yasevich [Tue, 30 Sep 2014 23:39:37 +0000 (19:39 -0400)]
bnx2: Correctly receive full sized 802.1ad fragmes
This driver, similar to tg3, has a check that will
cause full sized 802.1ad frames to be dropped. The
frame will be larger then the standard mtu due to the
presense of vlan header that has not been stripped.
The driver should not drop this frame and should process
it just like it does for 802.1q.
CC: Sony Chacko <sony.chacko@qlogic.com>
CC: Dept-HSGLinuxNICDev@qlogic.com
Signed-off-by: Vladislav Yasevich <vyasevic@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Vlad Yasevich [Tue, 30 Sep 2014 23:39:36 +0000 (19:39 -0400)]
tg3: Allow for recieve of full-size 8021AD frames
When receiving a vlan-tagged frame that still contains
a vlan header, the length of the packet will be greater
then MTU+ETH_HLEN since it will account of the extra
vlan header. TG3 checks this for the case for 802.1Q,
but not for 802.1ad. As a result, full sized 802.1ad
frames get dropped by the card.
Add a check for 802.1ad protocol when receving full
sized frames.
Suggested-by: Prashant Sreedharan <prashant@broadcom.com>
CC: Prashant Sreedharan <prashant@broadcom.com>
CC: Michael Chan <mchan@broadcom.com>
Signed-off-by: Vladislav Yasevich <vyasevic@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Linus Torvalds [Wed, 1 Oct 2014 20:22:00 +0000 (13:22 -0700)]
Merge branch 'for-3.17' of git://linux-nfs.org/~bfields/linux
Pull nfsd bugfix from Bruce Fields:
"This fixes a data corruption bug introduced by the v3.16 xdr encoding
rewrite. I haven't managed to reproduce it myself yet, but it's
apparently not hard to hit given the right workload"
* 'for-3.17' of git://linux-nfs.org/~bfields/linux:
nfsd4: fix corruption of NFSv4 read data
Helge Deller [Wed, 1 Oct 2014 20:11:01 +0000 (22:11 +0200)]
parisc: Fix serial console for machines with serial port on superio chip
Fix the serial console on machines where the serial port is located on
the SuperIO chip.
Signed-off-by: Helge Deller <deller@gmx.de>
Cc: Peter Hurley <peter@hurleysoftware.com>
Anish Bhatt [Tue, 16 Sep 2014 00:44:18 +0000 (17:44 -0700)]
[SCSI] cxgb4i: avoid holding mutex in interrupt context
cxgbi_inet6addr_handler() can be called in interrupt context, so use rcu
protected list while finding netdev. This is observed as a scheduling in
atomic oops when running over ipv6.
Fixes: fc8d0590d914 ("libcxgbi: Add ipv6 api to driver")
Fixes: 759a0cc5a3e1 ("cxgb4i: Add ipv6 code to driver, call into libcxgbi ipv6 api")
Signed-off-by: Anish Bhatt <anish@chelsio.com>
Signed-off-by: Karen Xie <kxie@chelsio.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: James Bottomley <JBottomley@Parallels.com>
Takashi Iwai [Wed, 1 Oct 2014 07:29:26 +0000 (09:29 +0200)]
Merge tag 'asoc-v3.17-rc7' of git://git./linux/kernel/git/broonie/sound into for-linus
ASoC: Fix SSM2602 device identification
Another fix for v3.17, fixing device identification after the split out
of the I2C and SPI code.
Linus Torvalds [Wed, 1 Oct 2014 02:52:08 +0000 (19:52 -0700)]
Merge branch 'fixes' of git://ftp.arm.linux.org.uk/~rmk/linux-arm
Pull ARM fixes from Russell King:
"Some further ARM fixes:
- another build fix for the kprobes test code
- a fix for no kuser helpers for the set_tls code, which oopsed on
noMMU hardware
- a fix for alignment handler with neon opcodes being misinterpreted
- turning off the hardware access support, which is not implemented
- a build fix for the v7 coherency exiting code, which can be built
in non-v7 environments (but still only executed on v7 CPUs)"
* 'fixes' of git://ftp.arm.linux.org.uk/~rmk/linux-arm:
ARM: 8179/1: kprobes-test: Fix compile error "bad immediate value for offset"
ARM: 8178/1: fix set_tls for !CONFIG_KUSER_HELPERS
ARM: 8177/1: cacheflush: Fix v7_exit_coherency_flush exynos build breakage on ARMv6
ARM: 8165/1: alignment: don't break misaligned NEON load/store
ARM: 8164/1: mm: clear SCTLR.HA instead of setting it for LPAE
hayeswang [Tue, 30 Sep 2014 08:48:01 +0000 (16:48 +0800)]
r8152: fix setting RTL8152_UNPLUG
The flag of RTL8152_UNPLUG should only be set when the device is
unplugged, not each time the rtl8152_disconnect() is called.
Otherwise, the device wouldn't be stopped normally.
Signed-off-by: Hayes Wang <hayeswang@realtek.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller [Tue, 30 Sep 2014 20:22:51 +0000 (16:22 -0400)]
Merge branch 'netxen'
Manish Chopra says:
====================
netxen: Bug fixes.
This series fixes some TX specific issues.
* Move spin_lock(tx_clean_lock) in down path to fix
atomic sleep bug (Reported by Mike Galbraith).
* Fix hang in interface down while running traffic.
Please consider applying this to 'net'.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Manish Chopra [Tue, 30 Sep 2014 07:56:36 +0000 (03:56 -0400)]
netxen: Fix bug in Tx completion path.
o Driver is not updating sw_consumer while processing Tx completion
when interface is going down. Due to this interface down path gets
stuck forever waiting for NAPI to complete.
Signed-off-by: Manish Chopra <manish.chopra@qlogic.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Manish Chopra [Tue, 30 Sep 2014 07:56:35 +0000 (03:56 -0400)]
netxen: Fix BUG "sleeping function called from invalid context"
o __netxen_nic_down() function might sleep while holding spinlock_t(tx_clean_lock).
Acquire this lock for only releasing TX buffers instead of taking it
for whole down path.
Reported-by: Mike Galbraith <umgwanakikbuti@gmail.com>
Signed-off-by: Manish Chopra <manish.chopra@qlogic.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
J. Bruce Fields [Wed, 24 Sep 2014 20:32:34 +0000 (16:32 -0400)]
nfsd4: fix corruption of NFSv4 read data
The calculation of page_ptr here is wrong in the case the read doesn't
start at an offset that is a multiple of a page.
The result is that nfs4svc_encode_compoundres sets rq_next_page to a
value one too small, and then the loop in svc_free_res_pages may
incorrectly fail to clear a page pointer in rq_respages[].
Pages left in rq_respages[] are available for the next rpc request to
use, so xdr data may be written to that page, which may hold data still
waiting to be transmitted to the client or data in the page cache.
The observed result was silent data corruption seen on an NFSv4 client.
We tag this as "fixing"
05638dc73af2 because that commit exposed this
bug, though the incorrect calculation predates it.
Particular thanks to Andrea Arcangeli and David Gilbert for analysis and
testing.
Fixes: 05638dc73af2 "nfsd4: simplify server xdr->next_page use"
Cc: stable@vger.kernel.org
Reported-by: Andrea Arcangeli <aarcange@redhat.com>
Tested-by: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Viresh Kumar [Tue, 30 Sep 2014 04:03:17 +0000 (09:33 +0530)]
cpufreq: update 'cpufreq_suspended' after stopping governors
Commit
8e30444e1530 ("cpufreq: fix cpufreq suspend/resume for intel_pstate")
introduced a bug where the governors wouldn't be stopped anymore for
->target{_index}() drivers during suspend. This happens because
'cpufreq_suspended' is updated before stopping the governors during suspend
and due to this __cpufreq_governor() would return early due to this check:
/* Don't start any governor operations if we are entering suspend */
if (cpufreq_suspended)
return 0;
Fixes: 8e30444e1530 ("cpufreq: fix cpufreq suspend/resume for intel_pstate")
Cc: 3.15+ <stable@vger.kernel.org> # 3.15+: 8e30444e1530 "cpufreq: fix cpufreq suspend/resume for intel_pstate"
Signed-off-by: Viresh Kumar <viresh.kumar@linaro.org>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Hannes Frederic Sowa [Sat, 27 Sep 2014 22:46:06 +0000 (00:46 +0200)]
ipv6: remove rt6i_genid
Eric Dumazet noticed that all no-nonexthop or no-gateway routes which
are already marked DST_HOST (e.g. input routes routes) will always be
invalidated during sk_dst_check. Thus per-socket dst caching absolutely
had no effect and early demuxing had no effect.
Thus this patch removes rt6i_genid: fn_sernum already gets modified during
add operations, so we only must ensure we mutate fn_sernum during ipv6
address remove operations. This is a fairly cost extensive operations,
but address removal should not happen that often. Also our mtu update
functions do the same and we heard no complains so far. xfrm policy
changes also cause a call into fib6_flush_trees. Also plug a hole in
rt6_info (no cacheline changes).
I verified via tracing that this change has effect.
Cc: Eric Dumazet <eric.dumazet@gmail.com>
Cc: YOSHIFUJI Hideaki <hideaki@yoshifuji.org>
Cc: Vlad Yasevich <vyasevich@gmail.com>
Cc: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Cc: Martin Lau <kafai@fb.com>
Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Jon Medhurst [Tue, 30 Sep 2014 09:25:10 +0000 (10:25 +0100)]
ARM: 8179/1: kprobes-test: Fix compile error "bad immediate value for offset"
When compiling kprobes-test-arm.c the following error has been observed
/tmp/ccoT403o.s:21439: Error: bad immediate value for offset (4168)
This is caused by the compiler spilling it's literal pool too far away
from the site which is trying to reference it with a PC relative load.
This arises because the compiler is underestimating the size of the
inline assembler code present, which apparently it approximates as 4
bytes per line or instruction.
We fix this problem by moving the operations which generate more than
4 bytes out of the text section. Specifically, moving the .ascii
directives to the .rodata section.
Signed-off-by: Jon Medhurst <tixy@linaro.org>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Nathan Lynch [Mon, 29 Sep 2014 18:11:36 +0000 (19:11 +0100)]
ARM: 8178/1: fix set_tls for !CONFIG_KUSER_HELPERS
Joachim Eastwood reports that commit
fbfb872f5f41 "ARM: 8148/1: flush
TLS and thumbee register state during exec" causes a boot-time crash
on a Cortex-M4 nommu system:
Freeing unused kernel memory: 68K (
281e5000 -
281f6000)
Unhandled exception: IPSR =
00000005 LR =
fffffff1
CPU: 0 PID: 1 Comm: swapper Not tainted
3.17.0-rc6-00313-gd2205fa30aa7 #191
task:
29834000 ti:
29832000 task.ti:
29832000
PC is at flush_thread+0x2e/0x40
LR is at flush_thread+0x21/0x40
pc : [<
2800954a>] lr : [<
2800953d>] psr:
4100000b
sp :
29833d60 ip :
00000000 fp :
00000001
r10:
00003cf8 r9 :
29b1f000 r8 :
00000000
r7 :
29b0bc00 r6 :
29834000 r5 :
29832000 r4 :
29832000
r3 :
ffff0ff0 r2 :
29832000 r1 :
00000000 r0 :
282121f0
xPSR:
4100000b
CPU: 0 PID: 1 Comm: swapper Not tainted
3.17.0-rc6-00313-gd2205fa30aa7 #191
[<
2800afa5>] (unwind_backtrace) from [<
2800a327>] (show_stack+0xb/0xc)
[<
2800a327>] (show_stack) from [<
2800a963>] (__invalid_entry+0x4b/0x4c)
The problem is that set_tls is attempting to clear the TLS location in
the kernel-user helper page, which isn't set up on V7M.
Fix this by guarding the write to the kuser helper page with
a CONFIG_KUSER_HELPERS ifdef.
Fixes: fbfb872f5f41 ARM: 8148/1: flush TLS and thumbee register state during exec
Reported-by: Joachim Eastwood <manabian@gmail.com>
Tested-by: Joachim Eastwood <manabian@gmail.com>
Cc: stable@vger.kernel.org
Signed-off-by: Nathan Lynch <nathan_lynch@mentor.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Krzysztof Kozlowski [Sun, 28 Sep 2014 04:36:46 +0000 (05:36 +0100)]
ARM: 8177/1: cacheflush: Fix v7_exit_coherency_flush exynos build breakage on ARMv6
This fixes build breakage of platsmp.c if ARMv6 was chosen for compile
time options (e.g. by building allmodconfig):
$ make allmodconfig
$ make
CC arch/arm/mach-exynos/platsmp.o
/tmp/ccdQM0Eg.s: Assembler messages:
/tmp/ccdQM0Eg.s:432: Error: selected processor does not support ARM mode `isb '
/tmp/ccdQM0Eg.s:437: Error: selected processor does not support ARM mode `isb '
/tmp/ccdQM0Eg.s:438: Error: selected processor does not support ARM mode `dsb '
make[1]: *** [arch/arm/mach-exynos/platsmp.o] Error 1
The error was introduced in commit "ARM: EXYNOS: Move code from
hotplug.c to platsmp.c". Previously code using
v7_exit_coherency_flush() macro was built with '-march=armv7-a' flag but
this flag dissapeared during the movement.
Fix this by annotating the v7_exit_coherency_flush() asm code with
armv7-a architecture.
Signed-off-by: Krzysztof Kozlowski <k.kozlowski@samsung.com>
Reported-by: Mark Brown <broonie@kernel.org>
Acked-by: Nicolas Pitre <nico@linaro.org>
Signed-off-by: Kukjin Kim <kgene.kim@samsung.com>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
James Morris [Tue, 30 Sep 2014 14:45:26 +0000 (00:45 +1000)]
Merge branch 'next' of git://git.infradead.org/users/pcmoore/selinux into next