| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Move the actual allocation once we have selected an allocation group into a
separate helper, and make xfs_dialloc a wrapper around it.
Signed-off-by: Christoph Hellwig <[email protected]>
Reviewed-by: Dave Chinner <[email protected]>
Reviewed-by: Ben Myers <[email protected]>
Signed-off-by: Ben Myers <[email protected]>
|
|
* marvell/dt: (41 commits)
ARM: Kirkwood: Replace mrvl with marvell
ARM: Kirkwood: Describe GoFlex Net LEDs and SATA in DT.
ARM: Kirkwood: Describe Dreamplug LEDs in DT.
ARM: Kirkwood: Describe iConnects LEDs in DT.
ARM: Kirkwood: Describe iConnects temperature sensor in DT.
ARM: Kirkwood: Describe IB62x0 LEDs in DT.
ARM: Kirkwood: Describe IB62x0 gpio-keys in DT.
ARM: Kirkwood: Describe DNS32? gpio-keys in DT.
ARM: Kirkwood: Move common portions into a kirkwood-dnskw.dtsi
ARM: Kirkwood: Replace DNS-320/DNS-325 leds with dt bindings
ARM: Kirkwood: Describe DNS325 temperature sensor in DT.
ARM: Kirkwood: Use DT to configure SATA device.
ARM: kirkwood: use devicetree for SPI on dreamplug
ARM: kirkwood: Add LS-XHL and LS-CHLv2 support
ARM: Kirkwood: Initial DTS support for Kirkwood GoFlex Net
ARM: Kirkwood: Add basic device tree support for QNAP TS219.
ATA: sata_mv: Add device tree support
ARM: Orion: DTify the watchdog timer.
ARM: Orion: Add arch support needed for I2C via DT.
ARM: kirkwood: use devicetree for orion-spi
...
|
|
Signed-off-by: Al Viro <[email protected]>
|
|
It's used both for client and server hosts; we can't do nlmclnt_release_host()
on failure exits, since the host might need nlmsvc_release_host(), with BUG_ON()
for calling the wrong one. Makes life simpler for callers, actually...
Signed-off-by: Al Viro <[email protected]>
|
|
Adds audit messages for unexpected link restriction violations so that
system owners will have some sort of potentially actionable information
about misbehaving processes.
Signed-off-by: Kees Cook <[email protected]>
Signed-off-by: Al Viro <[email protected]>
|
|
This adds symlink and hardlink restrictions to the Linux VFS.
Symlinks:
A long-standing class of security issues is the symlink-based
time-of-check-time-of-use race, most commonly seen in world-writable
directories like /tmp. The common method of exploitation of this flaw
is to cross privilege boundaries when following a given symlink (i.e. a
root process follows a symlink belonging to another user). For a likely
incomplete list of hundreds of examples across the years, please see:
http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=/tmp
The solution is to permit symlinks to only be followed when outside
a sticky world-writable directory, or when the uid of the symlink and
follower match, or when the directory owner matches the symlink's owner.
Some pointers to the history of earlier discussion that I could find:
1996 Aug, Zygo Blaxell
http://marc.info/?l=bugtraq&m=87602167419830&w=2
1996 Oct, Andrew Tridgell
http://lkml.indiana.edu/hypermail/linux/kernel/9610.2/0086.html
1997 Dec, Albert D Cahalan
http://lkml.org/lkml/1997/12/16/4
2005 Feb, Lorenzo Hernández García-Hierro
http://lkml.indiana.edu/hypermail/linux/kernel/0502.0/1896.html
2010 May, Kees Cook
https://lkml.org/lkml/2010/5/30/144
Past objections and rebuttals could be summarized as:
- Violates POSIX.
- POSIX didn't consider this situation and it's not useful to follow
a broken specification at the cost of security.
- Might break unknown applications that use this feature.
- Applications that break because of the change are easy to spot and
fix. Applications that are vulnerable to symlink ToCToU by not having
the change aren't. Additionally, no applications have yet been found
that rely on this behavior.
- Applications should just use mkstemp() or O_CREATE|O_EXCL.
- True, but applications are not perfect, and new software is written
all the time that makes these mistakes; blocking this flaw at the
kernel is a single solution to the entire class of vulnerability.
- This should live in the core VFS.
- This should live in an LSM. (https://lkml.org/lkml/2010/5/31/135)
- This should live in an LSM.
- This should live in the core VFS. (https://lkml.org/lkml/2010/8/2/188)
Hardlinks:
On systems that have user-writable directories on the same partition
as system files, a long-standing class of security issues is the
hardlink-based time-of-check-time-of-use race, most commonly seen in
world-writable directories like /tmp. The common method of exploitation
of this flaw is to cross privilege boundaries when following a given
hardlink (i.e. a root process follows a hardlink created by another
user). Additionally, an issue exists where users can "pin" a potentially
vulnerable setuid/setgid file so that an administrator will not actually
upgrade a system fully.
The solution is to permit hardlinks to only be created when the user is
already the existing file's owner, or if they already have read/write
access to the existing file.
Many Linux users are surprised when they learn they can link to files
they have no access to, so this change appears to follow the doctrine
of "least surprise". Additionally, this change does not violate POSIX,
which states "the implementation may require that the calling process
has permission to access the existing file"[1].
This change is known to break some implementations of the "at" daemon,
though the version used by Fedora and Ubuntu has been fixed[2] for
a while. Otherwise, the change has been undisruptive while in use in
Ubuntu for the last 1.5 years.
[1] http://pubs.opengroup.org/onlinepubs/9699919799/functions/linkat.html
[2] http://anonscm.debian.org/gitweb/?p=collab-maint/at.git;a=commitdiff;h=f4114656c3a6c6f6070e315ffdf940a49eda3279
This patch is based on the patches in Openwall and grsecurity, along with
suggestions from Al Viro. I have added a sysctl to enable the protected
behavior, and documentation.
Signed-off-by: Kees Cook <[email protected]>
Acked-by: Ingo Molnar <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Signed-off-by: Al Viro <[email protected]>
|
|
I can reliably reproduce the following panic by simply setting an audit
rule on a recent 3.5.0+ kernel:
BUG: unable to handle kernel NULL pointer dereference at 0000000000000040
IP: [<ffffffff810d1250>] audit_copy_inode+0x10/0x90
PGD 7acd9067 PUD 7b8fb067 PMD 0
Oops: 0000 [#86] SMP
Modules linked in: nfs nfs_acl auth_rpcgss fscache lockd sunrpc tpm_bios btrfs zlib_deflate libcrc32c kvm_amd kvm joydev virtio_net pcspkr i2c_piix4 floppy virtio_balloon microcode virtio_blk cirrus drm_kms_helper ttm drm i2c_core [last unloaded: scsi_wait_scan]
CPU 0
Pid: 1286, comm: abrt-dump-oops Tainted: G D 3.5.0+ #1 Bochs Bochs
RIP: 0010:[<ffffffff810d1250>] [<ffffffff810d1250>] audit_copy_inode+0x10/0x90
RSP: 0018:ffff88007aebfc38 EFLAGS: 00010282
RAX: 0000000000000000 RBX: ffff88003692d860 RCX: 00000000000038c4
RDX: 0000000000000000 RSI: ffff88006baf5d80 RDI: ffff88003692d860
RBP: ffff88007aebfc68 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000000
R13: ffff880036d30f00 R14: ffff88006baf5d80 R15: ffff88003692d800
FS: 00007f7562634740(0000) GS:ffff88007fc00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000040 CR3: 000000003643d000 CR4: 00000000000006f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process abrt-dump-oops (pid: 1286, threadinfo ffff88007aebe000, task ffff880079614530)
Stack:
ffff88007aebfdf8 ffff88007aebff28 ffff88007aebfc98 ffffffff81211358
ffff88003692d860 0000000000000000 ffff88007aebfcc8 ffffffff810d4968
ffff88007aebfcc8 ffff8800000038c4 0000000000000000 0000000000000000
Call Trace:
[<ffffffff81211358>] ? ext4_lookup+0xe8/0x160
[<ffffffff810d4968>] __audit_inode+0x118/0x2d0
[<ffffffff811955a9>] do_last+0x999/0xe80
[<ffffffff81191fe8>] ? inode_permission+0x18/0x50
[<ffffffff81171efa>] ? kmem_cache_alloc_trace+0x11a/0x130
[<ffffffff81195b4a>] path_openat+0xba/0x420
[<ffffffff81196111>] do_filp_open+0x41/0xa0
[<ffffffff811a24bd>] ? alloc_fd+0x4d/0x120
[<ffffffff811855cd>] do_sys_open+0xed/0x1c0
[<ffffffff810d40cc>] ? __audit_syscall_entry+0xcc/0x300
[<ffffffff811856c1>] sys_open+0x21/0x30
[<ffffffff81611ca9>] system_call_fastpath+0x16/0x1b
RSP <ffff88007aebfc38>
CR2: 0000000000000040
The problem is that do_last is passing a negative dentry to audit_inode.
The comments on lookup_open note that it can pass back a negative dentry
if O_CREAT is not set.
This patch fixes the oops, but I'm not clear on whether there's a better
approach.
Cc: Miklos Szeredi <[email protected]>
Signed-off-by: Jeff Layton <[email protected]>
Signed-off-by: Al Viro <[email protected]>
|
|
... only needed if it's been in descriptor table
Signed-off-by: Al Viro <[email protected]>
|
|
Signed-off-by: Al Viro <[email protected]>
|
|
sigh...
* opened files have non-NULL dentries and non-NULL inodes
* close_filp() needs current->files only if the file had been
in descriptor table.
Signed-off-by: Al Viro <[email protected]>
|
|
* filp_close() needs non-NULL second argument only if it'd been in descriptor
table
* opened files have non-NULL dentries, TYVM
* ... and those dentries are positive - it's kinda hard to open a file that
doesn't exist.
Signed-off-by: Al Viro <[email protected]>
|
|
a) vfs_llseek() does *not* access userland pointers of any kind
b) neither does filp_close(), for that matter
c) ... nor filp_open()
d) vfs_read() does, but we do have a wrapper for that (kernel_read()),
so there's no need to reinvent it.
e) passing current->files to filp_close() on something that never
had been in descriptor table is pointless.
ISAGN: voodoo dolls to be used on voodoo programmers...
Signed-off-by: Al Viro <[email protected]>
|
|
Signed-off-by: Al Viro <[email protected]>
|
|
Signed-off-by: Al Viro <[email protected]>
|
|
What inline? Its only use is passing its address to call_rcu(), for fuck sake!
Signed-off-by: Al Viro <[email protected]>
|
|
less work on failure that way
Signed-off-by: Al Viro <[email protected]>
|
|
* ->lookup() never gets hit with . or ..
* dentry it gets is unhashed, so unless we had gone and hashed it ourselves, there's
no need to d_drop() the sucker.
* wrong name printed in one of the printks (NULL, in fact)
Signed-off-by: Al Viro <[email protected]>
|
|
Signed-off-by: Al Viro <[email protected]>
|
|
kern_path_create()/done_path_create() resp.
One side effect - attempt to create a cross-device link on a read-only fs fails
with EROFS instead of EXDEV now. Makes more sense, POSIX allows, etc.
Signed-off-by: Al Viro <[email protected]>
|
|
Note that applying umask can't affect their results. While
that affects errno in cases like
mknod("/no_such_directory/a", 030000)
yielding -EINVAL (due to impossible mode_t) instead of
-ENOENT (due to inexistent directory), IMO that makes a lot
more sense, POSIX allows to return either and any software
that relies on getting -ENOENT instead of -EINVAL in that
case deserves everything it gets.
Signed-off-by: Al Viro <[email protected]>
|
|
releases what needs to be released after {kern,user}_path_create()
Signed-off-by: Al Viro <[email protected]>
|
|
... and cleaning spufs_create() a bit, while we are at it
Signed-off-by: Al Viro <[email protected]>
|
|
Signed-off-by: Al Viro <[email protected]>
|
|
Signed-off-by: Al Viro <[email protected]>
|
|
now that __fput() is *not* done in any callchain containing mmput(),
we can do that...
Signed-off-by: Al Viro <[email protected]>
|
|
Signed-off-by: Florian Tobias Schandinat <[email protected]>
|
|
If we accidentally pass an incorrect bpp value to pixel_to_pat(),
it panics. This is pretty useless, as we generally have the various
console locks held at that point, so nothing will be displayed,
and there is no reason to make this a fatal event.
Let's WARN instead.
Signed-off-by: Benjamin Herrenschmidt <[email protected]>
Signed-off-by: Florian Tobias Schandinat <[email protected]>
|
|
LCD blink is observed during suspend/resume and blank/unblank
operations as backlight is ON during LCDC disable and enable.
So make sure to turn OFF backlight before disabling and turn
it ON after enabling.
Signed-off-by: Manjunathappa, Prakash <[email protected]>
Signed-off-by: Florian Tobias Schandinat <[email protected]>
|
|
On recent kernels, Realtek codec parser tries to optimize the routing
aggressively and take the headphone output as primary at first. This
caused a regression on VAIO Z with ALC889, the silent output from the
speaker.
The problem seems that the speaker pin must be connected to the first
DAC (0x02) on this machine by some reason although the codec itself
advertises the flexible routing with any DACs.
This patch adds a fix-up for choosing the speaker pin as the primary
so that the right DAC is assigned on this device.
Reported-and-tested-by: Adam Williamson <[email protected]>
Signed-off-by: Takashi Iwai <[email protected]>
|
|
Commit 15dede882e564601947f2ce4b647742c0351be6d added support for
horizontal panning but accidentally computes the Y pan step value
incorrectly for NV12/21 and NV16/61 formats. Fix this.
Signed-off-by: Laurent Pinchart <[email protected]>
Signed-off-by: Florian Tobias Schandinat <[email protected]>
|
|
When FB_BLANK_UNLANK event occured, exynos mipi dsi regulators have to turn on.
Signed-off-by: Donghwa Lee <[email protected]>
Signed-off-by: Inki Dae <[email protected]>
Signed-off-by: Kyungmin Park <[email protected]>
Signed-off-by: Florian Tobias Schandinat <[email protected]>
|
|
As in specification software reset should be applied for several
cycles before bringing it out of reset. Without this patch
particularly during suspend and resume clock reset is not guaranteed
to happen.
Signed-off-by: Manjunathappa, Prakash <[email protected]>
Signed-off-by: Florian Tobias Schandinat <[email protected]>
|
|
Configure fifo threshold in raster dma_control register to
512 bytes. This reduces LCDC underflow errors.
Signed-off-by: Manjunathappa, Prakash <[email protected]>
Signed-off-by: Florian Tobias Schandinat <[email protected]>
|
|
Patch works around the below silicon errata:
During LCDC initialization, there is the potential for a FIFO
underflow condition to occur. A FIFO underflow condition
occurs when the input FIFO is completely empty and the LCDC
raster controller logic that drives data to the output pins
attempts to fetch data from the FIFO. When a FIFO underflow
condition occurs, incorrect data will be driven out on the
LCDC data pins.
Software should poll the FUF bit field in the LCD_STAT register
to check if an error condition has occurred or service the
interrupt if FUF_EN is enabled when FUF occurs. If the FUF bit
field has been set to 1, this will indicate an underflow
condition has occurred and then the software should execute a
reset of the LCDC via the LPSC.
This problem may occur if the LCDC FIFO threshold size
(LCDDMA_CTRL[TH_FIFO_READY]) is left at its default value after
reset. Increasing the FIFO threshold size will reduce or
eliminate underflows. Setting the threshold size to 256 double
words or larger is recommended.
Above issue is described in section 2.1.3 of silicon errata
http://www.ti.com/lit/er/sprz313e/sprz313e.pdf
Signed-off-by: Rajashekhara, Sudhakar <[email protected]>
Signed-off-by: Manjunathappa, Prakash <[email protected]>
Signed-off-by: Florian Tobias Schandinat <[email protected]>
|
|
Flicker/tearing effect is observed with current FB driver.
Issue is because of 2 active DMA channels ping ponging among them
along with usage of 2 DDR ping pong buffers in driver. Application
unaware of active DMA channel keeps updating frame being displayed,
this leads to tearing effect.
Below steps describes the issue:
1)Initially assume both buffers FB0 and FB1 are programmed for buffer-0.
2)On EOF0: Program FB0 for buffer-1, indicate(wake up) application
to fill up buffer-0. As FB1 is active and continues to DMA buffer-0
(which is being filled), leading to tearing/flickering issue.
3)On EOF1: Program FB1 for buffer-0, indicate(wake up) application to
fill up buffer-1. As FB0 is active and continues to DMA buffer-1(which
is being filled), leading to tearing/flickering issue.
4)On EOF0: Program FB0 for buffer-1, indicate(wake up) application to
fill up buffer-0. As FB1 is active and continues to DMA buffer-0(which is
being filled), leading to tearing/flickering issue.
...
Above steps depict that issue is because of 1 frame delay in frame
panned by application.
Patch fixes the issue by keeping track free DMA channel and configures
it in drivers PAN callback so that panned frame from application gets
displayed in next frame period.
Wiki below describes the issue in detail and it also has link to
application with which issue can be reproduced.
http://processors.wiki.ti.com/index.php/DA8xx_LCDC_Linux_FB_FAQs
Signed-off-by: Nellutla, Aditya <[email protected]>
Signed-off-by: Manjunathappa, Prakash <[email protected]>
Signed-off-by: Florian Tobias Schandinat <[email protected]>
|
|
Writing '1' to particular bit of IRQENABLE_CLEAR register disables the
corresponding interrupt on revision 2 LCDC. This register was wrongly
configured to disable all previous enabled interrupts instead of
disabling only palette completion interrupt. Patch fixes it by clearing
only palette completion interrupt bit.
Signed-off-by: Manjunathappa, Prakash <[email protected]>
Signed-off-by: Florian Tobias Schandinat <[email protected]>
|
|
add FB_BLANK_NORMAL, FB_BLANK_VSYNC_SUSPEND and FB_BLANK_HSYNC_SUSPEND
modes (copy drivers/video/omap2/omapfb/omapfb-main.c implementation).
Otherwise X-server will complain about invalid parameter.
Signed-off-by: Yegor Yefremov <[email protected]>
Signed-off-by: Florian Tobias Schandinat <[email protected]>
|
|
Include irqs.h in order to fix the following build error:
arch/arm/plat-mxc/tzic.c:195:11: error: 'FIQ_START' undeclared (first use in this function)
Signed-off-by: Fabio Estevam <[email protected]>
Acked-by: Dirk Behme <[email protected]>
Signed-off-by: Olof Johansson <[email protected]>
|
|
Pull embedded i2c changes from Wolfram Sang:
"Changes for the "embedded" part of the I2C subsystem:
- lots of devicetree conversions of drivers (and preparations for
that)
- big cleanups for drivers for OMAP, Tegra, Nomadik, Blackfin
- Rafael's struct dev_pm_ops conversion patches for I2C
- usual driver cleanups and fixes
All patches have been in linux-next for an apropriate time and all
patches touching files outside of i2c-folders should have proper acks
from the maintainers."
* 'i2c-embedded/for-next' of git://git.pengutronix.de/git/wsa/linux: (60 commits)
Revert "i2c: tegra: convert normal suspend/resume to *_noirq"
I2C: MV64XYZ: Add Device Tree support
i2c: stu300: use devm managed resources
i2c: i2c-ocores: support for 16bit and 32bit IO
V4L/DVB: mfd: use reg_shift instead of regstep
i2c: i2c-ocores: Use reg-shift property
i2c: i2c-ocores: DT bindings and minor fixes.
i2c: mv64xxxx: remove EXPERIMENTAL tag
i2c-s3c2410: Use plain pm_runtime_put()
i2c: s3c2410: Fix pointer type passed to of_match_node()
i2c: mxs: Set I2C timing registers for mxs-i2c
i2c: i2c-bfin-twi: Move blackfin TWI register access Macro to head file.
i2c: i2c-bfin-twi: Move TWI peripheral pin request array to platform data.
i2c:i2c-bfin-twi: include twi head file
i2c:i2c-bfin-twi: TWI fails to restart next transfer in high system load.
i2c: i2c-bfin-twi: Tighten condition when failing I2C transfer if MEN bit is reset unexpectedly.
i2c: i2c-bfin-twi: Break dead waiting loop if i2c device misbehaves.
i2c: i2c-bfin-twi: Improve the patch for bug "Illegal i2c bus lock upon certain transfer scenarios".
i2c: i2c-bfin-twi: Illegal i2c bus lock upon certain transfer scenarios.
i2c-mv64xxxx: allow more than one driver instance
...
Conflicts:
drivers/i2c/busses/i2c-nomadik.c
|
|
BLK_CGROUP=m is no longer valid.
Signed-off-by: Richard Weinberger <[email protected]>
|
|
this lock is no longer needed.
Signed-off-by: Richard Weinberger <[email protected]>
|
|
... use all tty_port helpers
Signed-off-by: Richard Weinberger <[email protected]>
|
|
Signed-off-by: Richard Weinberger <[email protected]>
|
|
line_ioctl() has no real function.
Signed-off-by: Richard Weinberger <[email protected]>
|
|
This means switching to the tty refcounted model so that we will not
race with interrupts.
Signed-off-by: Jiri Slaby <[email protected]>
Cc: Jeff Dike <[email protected]>
Cc: Richard Weinberger <[email protected]>
Cc: [email protected]
Signed-off-by: Richard Weinberger <[email protected]>
|
|
And use count from there.
Signed-off-by: Jiri Slaby <[email protected]>
Cc: Jeff Dike <[email protected]>
Cc: Richard Weinberger <[email protected]>
Cc: [email protected]
Signed-off-by: Richard Weinberger <[email protected]>
|
|
Pull networking fixes from David Miller:
"Several bug fixes, some to new features appearing in this merge
window, some that have been around for a while.
I have a short list of known problems that need to be sorted out, but
all of them can be solved easily during the run up to 3.6-final.
I'll be offline until Sunday afternoon, but nothing need hold up
3.6-rc1 and the close of the merge window, networking wise, at this
point.
1) Fix interface check in ipv4 TCP early demux, from Eric Dumazet.
2) Fix a long standing bug in TCP DMA to userspace offload that can
hang applications using MSG_TRUNC, from Jiri Kosina.
3) Don't allow TCP_USER_TIMEOUT to be negative, from Hangbin Liu.
4) Don't use GFP_KERNEL under spinlock in kaweth driver, from Dan
Carpenter"
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net:
tcp: perform DMA to userspace only if there is a task waiting for it
Revert "openvswitch: potential NULL deref in sample()"
ipv4: fix TCP early demux
net: fix rtnetlink IFF_PROMISC and IFF_ALLMULTI handling
USB: kaweth.c: use GFP_ATOMIC under spin_lock
tcp: Add TCP_USER_TIMEOUT negative value check
bcma: add missing iounmap on error path
bcma: fix regression in interrupt assignment on mips
mac80211_hwsim: fix possible race condition in usage of info->control.sta & control.vif
|
|
Prior to syscall invocation, __sys_trace only reloads r0-r3 from the
kernel stack, preventing the debugger from updating arguments 5-7 when
signalled via ptrace.
This patch updates the code to reload r0-r6, updating arguments 5 and 6
on the stack (argument 7 is only used by OABI indirect syscalls and
can remain in a register).
Reported-by: Al Viro <[email protected]>
Signed-off-by: Will Deacon <[email protected]>
Signed-off-by: Russell King <[email protected]>
|
|
just let do_work_pending() return 1 on normal local restarts and
-1 on those that had been caused by ERESTART_RESTARTBLOCK (and 0
is still "all done, sod off to userland now"). And let the asm
glue flip scno to restart_syscall(2) one if it got negative from
us...
[will: resolved conflicts with audit fixes]
Signed-off-by: Al Viro <[email protected]>
Signed-off-by: Will Deacon <[email protected]>
Signed-off-by: Russell King <[email protected]>
|
|
Signed-off-by: Al Viro <[email protected]>
Signed-off-by: Will Deacon <[email protected]>
Signed-off-by: Russell King <[email protected]>
|