13 Apr, 2014

2 commits

  • Pull yet more networking updates from David Miller:

    1) Various fixes to the new Redpine Signals wireless driver, from
    Fariya Fatima.

    2) L2TP PPP connect code takes PMTU from the wrong socket, fix from
    Dmitry Petukhov.

    3) UFO and TSO packets differ in whether they include the protocol
    header in gso_size, account for that in skb_gso_transport_seglen().
    From Florian Westphal.

    4) If VLAN untagging fails, we double free the SKB in the bridging
    output path. From Toshiaki Makita.

    5) Several call sites of sk->sk_data_ready() were referencing an SKB
    just added to the socket receive queue in order to calculate the
    second argument via skb->len. This is dangerous because the moment
    the skb is added to the receive queue it can be consumed in another
    context and freed up.

    It turns out also that none of the sk->sk_data_ready()
    implementations even care about this second argument.

    So just kill it off and thus fix all these use-after-free bugs as a
    side effect.

    6) Fix inverted test in tcp_v6_send_response(), from Lorenzo Colitti.

    7) pktgen needs to do locking properly for LLTX devices, from Daniel
    Borkmann.

    8) xen-netfront driver initializes TX array entries in RX loop :-) From
    Vincenzo Maffione.

    9) After refactoring, some tunnel drivers allow a tunnel to be
    configured on top of itself. Fix from Nicolas Dichtel.

    * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (46 commits)
    vti: don't allow to add the same tunnel twice
    gre: don't allow to add the same tunnel twice
    drivers: net: xen-netfront: fix array initialization bug
    pktgen: be friendly to LLTX devices
    r8152: check RTL8152_UNPLUG
    net: sun4i-emac: add promiscuous support
    net/apne: replace IS_ERR and PTR_ERR with PTR_ERR_OR_ZERO
    net: ipv6: Fix oif in TCP SYN+ACK route lookup.
    drivers: net: cpsw: enable interrupts after napi enable and clearing previous interrupts
    drivers: net: cpsw: discard all packets received when interface is down
    net: Fix use after free by removing length arg from sk_data_ready callbacks.
    Drivers: net: hyperv: Address UDP checksum issues
    Drivers: net: hyperv: Negotiate suitable ndis version for offload support
    Drivers: net: hyperv: Allocate memory for all possible per-pecket information
    bridge: Fix double free and memory leak around br_allowed_ingress
    bonding: Remove debug_fs files when module init fails
    i40evf: program RSS LUT correctly
    i40evf: remove open-coded skb_cow_head
    ixgb: remove open-coded skb_cow_head
    igbvf: remove open-coded skb_cow_head
    ...

    Linus Torvalds
     
  • Pull vfs updates from Al Viro:
    "The first vfs pile, with deep apologies for being very late in this
    window.

    Assorted cleanups and fixes, plus a large preparatory part of iov_iter
    work. There's a lot more of that, but it'll probably go into the next
    merge window - it *does* shape up nicely, removes a lot of
    boilerplate, gets rid of locking inconsistencies between aio_write and
    splice_write and I hope to get Kent's direct-io rewrite merged into
    the same queue, but some of the stuff after this point is having
    (mostly trivial) conflicts with the things already merged into
    mainline and with some I want more testing.

    This one passes LTP and xfstests without regressions, in addition to
    usual beating. BTW, readahead02 in ltp syscalls testsuite has started
    giving failures since "mm/readahead.c: fix readahead failure for
    memoryless NUMA nodes and limit readahead pages" - might be a false
    positive, might be a real regression..."

    * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: (63 commits)
    missing bits of "splice: fix racy pipe->buffers uses"
    cifs: fix the race in cifs_writev()
    ceph_sync_{,direct_}write: fix an oops on ceph_osdc_new_request() failure
    kill generic_file_buffered_write()
    ocfs2_file_aio_write(): switch to generic_perform_write()
    ceph_aio_write(): switch to generic_perform_write()
    xfs_file_buffered_aio_write(): switch to generic_perform_write()
    export generic_perform_write(), start getting rid of generic_file_buffer_write()
    generic_file_direct_write(): get rid of ppos argument
    btrfs_file_aio_write(): get rid of ppos
    kill the 5th argument of generic_file_buffered_write()
    kill the 4th argument of __generic_file_aio_write()
    lustre: don't open-code kernel_recvmsg()
    ocfs2: don't open-code kernel_recvmsg()
    drbd: don't open-code kernel_recvmsg()
    constify blk_rq_map_user_iov() and friends
    lustre: switch to kernel_sendmsg()
    ocfs2: don't open-code kernel_sendmsg()
    take iov_iter stuff to mm/iov_iter.c
    process_vm_access: tidy up a bit
    ...

    Linus Torvalds
     

12 Apr, 2014

1 commit

  • Several spots in the kernel perform a sequence like:

    skb_queue_tail(&sk->sk_receive_queue, skb);
    sk->sk_data_ready(sk, skb->len);

    But at the moment we place the SKB onto the socket receive queue it
    can be consumed and freed up. So this skb->len access is potentially
    to freed up memory.

    Furthermore, the skb->len can be modified by the consumer so it is
    possible that the value isn't accurate.

    And finally, no actual implementation of this callback actually uses
    the length argument. And since nobody actually cared about its
    value, lots of call sites pass arbitrary values in such as '0' and
    even '1'.

    So just remove the length argument from the callback, that way there
    is no confusion whatsoever and all of these use-after-free cases get
    fixed as a side effect.

    Based upon a patch by Eric Dumazet and his suggestion to audit this
    issue tree-wide.

    Signed-off-by: David S. Miller

    David S. Miller
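
The ordering problem described in this commit message, as a small user-space model added here (not kernel code and not part of the commit). `struct buf`, `struct sock_model`, `queue_tail()` and the `reader_wins` switch are hypothetical stand-ins for the SKB, the socket, `skb_queue_tail()` and a consumer that wins the race; the "freed" buffer stays in caller storage so the stale read can be observed safely.

```c
#include <stdio.h>

#define POISON 0x6b6b6b6bu   /* byte pattern the kernel writes into freed slab objects when poisoning is on */

/* Hypothetical stand-ins: buf ~ struct sk_buff, sock_model ~ struct sock. */
struct buf { unsigned int len; int freed; };
struct sock_model {
    struct buf *head;            /* one-slot receive queue */
    int reader_wins;             /* 1: consumer runs as soon as the buffer is queued */
    unsigned int reported_len;   /* length the old-style callback was handed */
    int ready_calls, stale_reads;
};

/* Model of skb_queue_tail(): once this returns, the producer no longer owns b. */
static void queue_tail(struct sock_model *sk, struct buf *b)
{
    sk->head = b;
    if (sk->reader_wins) {       /* consumer in another context dequeues and frees */
        sk->head = NULL;
        b->len = POISON;
        b->freed = 1;
    }
}

/* Old pattern: queue first, then read b->len to build the callback argument. */
static void deliver_old(struct sock_model *sk, struct buf *b)
{
    queue_tail(sk, b);
    sk->stale_reads += b->freed; /* in the kernel this read is the use-after-free */
    sk->reported_len = b->len;   /* sk->sk_data_ready(sk, skb->len) */
    sk->ready_calls++;
}

/* Fixed pattern: the callback takes no length, so b is never touched again. */
static void deliver_new(struct sock_model *sk, struct buf *b)
{
    queue_tail(sk, b);
    sk->ready_calls++;           /* sk->sk_data_ready(sk) */
}

int main(void)
{
    struct buf a = { 1500, 0 }, b = { 1500, 0 };
    struct sock_model sk = { .reader_wins = 1 };
    deliver_old(&sk, &a);
    printf("old: stale_reads=%d reported_len=%#x\n", sk.stale_reads, sk.reported_len);
    deliver_new(&sk, &b);
    printf("new: stale_reads=%d ready_calls=%d\n", sk.stale_reads, sk.ready_calls);
    return 0;
}
```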
     

05 Apr, 2014

1 commit

  • Pull renameat2 system call from Miklos Szeredi:
    "This adds a new syscall, renameat2(), which is the same as renameat()
    but with a flags argument.

    The purpose of extending rename is to add cross-rename, a symmetric
    variant of rename, which exchanges the two files. This allows
    interesting things, which were not possible before, for example
    atomically replacing a directory tree with a symlink, etc... This
    also allows overlayfs and friends to operate on whiteouts atomically.

    Andy Lutomirski also suggested a "noreplace" flag, which disables the
    overwriting behavior of rename.

    These two flags, RENAME_EXCHANGE and RENAME_NOREPLACE are only
    implemented for ext4 as an example and for testing"

    * 'cross-rename' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs:
    ext4: add cross rename support
    ext4: rename: split out helper functions
    ext4: rename: move EMLINK check up
    ext4: rename: create ext4_renament structure for local vars
    vfs: add cross-rename
    vfs: lock_two_nondirectories: allow directory args
    security: add flags to rename hooks
    vfs: add RENAME_NOREPLACE flag
    vfs: add renameat2 syscall
    vfs: rename: use common code for dir and non-dir
    vfs: rename: move d_move() up
    vfs: add d_is_dir()

    Linus Torvalds
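
The two flags described in this pull message, exercised from user space in an added example (not code from the series). It assumes a Linux kernel and filesystem that implement `renameat2()`; `rename2()`, `put()` and `tag_of()` are hypothetical helpers and the file names are constructed. `RENAME_NOREPLACE` turns "check that the target is absent, then rename" into a single step that fails with `EEXIST`, and `RENAME_EXCHANGE` swaps two names without a moment where either is missing.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/syscall.h>
#include <unistd.h>

#ifndef RENAME_NOREPLACE
#define RENAME_NOREPLACE (1 << 0)   /* fail with EEXIST instead of overwriting */
#define RENAME_EXCHANGE  (1 << 1)   /* atomically swap the two names */
#endif

/* Raw syscall, so no libc wrapper is required. Returns 0 or a negative errno. */
static int rename2(const char *from, const char *to, unsigned int flags)
{
    if (syscall(SYS_renameat2, AT_FDCWD, from, AT_FDCWD, to, flags) == 0)
        return 0;
    return -errno;
}

/* Create a file holding one tag byte so the two files can be told apart. */
static int put(const char *path, char tag)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0) return -errno;
    ssize_t n = write(fd, &tag, 1);
    close(fd);
    return n == 1 ? 0 : -EIO;
}

static int tag_of(const char *path)
{
    char c = 0;
    int fd = open(path, O_RDONLY);
    if (fd < 0) return -errno;
    ssize_t n = read(fd, &c, 1);
    close(fd);
    return n == 1 ? c : -EIO;
}

int main(void)
{
    char dir[] = "/tmp/rn2.XXXXXX";
    if (!mkdtemp(dir) || chdir(dir) || put("live", 'A') || put("staged", 'B')) return 1;
    printf("NOREPLACE onto existing name: %d\n", rename2("staged", "live", RENAME_NOREPLACE));
    printf("EXCHANGE: %d\n", rename2("staged", "live", RENAME_EXCHANGE));
    printf("live=%c staged=%c\n", tag_of("live"), tag_of("staged"));
    return 0;
}
```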
     

04 Apr, 2014

1 commit

  • Reclaim will be leaving shadow entries in the page cache radix tree upon
    evicting the real page. As those pages are found from the LRU, an
    iput() can lead to the inode being freed concurrently. At this point,
    reclaim must no longer install shadow pages because the inode freeing
    code needs to ensure the page tree is really empty.

    Add an address_space flag, AS_EXITING, that the inode freeing code sets
    under the tree lock before doing the final truncate. Reclaim will check
    for this flag before installing shadow pages.

    Signed-off-by: Johannes Weiner
    Reviewed-by: Rik van Riel
    Reviewed-by: Minchan Kim
    Cc: Andrea Arcangeli
    Cc: Bob Liu
    Cc: Christoph Hellwig
    Cc: Dave Chinner
    Cc: Greg Thelen
    Cc: Hugh Dickins
    Cc: Jan Kara
    Cc: KOSAKI Motohiro
    Cc: Luigi Semenzato
    Cc: Mel Gorman
    Cc: Metin Doslu
    Cc: Michel Lespinasse
    Cc: Ozgun Erdogan
    Cc: Peter Zijlstra
    Cc: Roman Gushchin
    Cc: Ryan Mallon
    Cc: Tejun Heo
    Cc: Vlastimil Babka
    Signed-off-by: Andrew Morton
    Signed-off-by: Linus Torvalds

    Johannes Weiner
     

02 Apr, 2014

3 commits


01 Apr, 2014

1 commit

  • Add new renameat2 syscall, which is the same as renameat with an added
    flags argument.

    Pass flags to vfs_rename() and to i_op->rename() as well.

    Signed-off-by: Miklos Szeredi
    Reviewed-by: J. Bruce Fields

    Miklos Szeredi
     

20 Mar, 2014

9 commits


19 Mar, 2014

2 commits

  • There is no point in combining a variable
    that is 0 with other things with |

    The semantic patch used:

    @@
    expression x,e,e1;
    statement S;
    @@

    if (x == 0) {

    }

    Signed-off-by: Georgiana Rodica Chelu
    Signed-off-by: Greg Kroah-Hartman

    Georgiana Rodica Chelu
     
  • Fixed some minor checkpatch warnings such as whitespace.

    Coccinelle was used for this patch (NOTE: some of the changes were made by hand). The script is not complete (semantically) and might raise some checkpatch warnings in terms of indentation depending on existing code.

    *** IFASSIGNMENT.COCCI START ***

    /* Coccinelle script to handle assignments in if statements
    * For compound statements, can so far only handle statements with the
    * assignment on either extreme */

    /* This rule is for simple cases
    * e.g. just an assignment in if, possibly with unary operator */
    @simple@
    expression E1, E2;
    statement S1, S2;
    @@

    + E1 = E2;
    if (
    - (E1 = E2)
    + E1
    )
    S1 else S2

    /* This rule is for compound statements where the assignment is on the right.*/
    @right@
    expression E, E1, E2;
    statement S1, S2;
    @@

    (
    /* and */
    - if (E && (E1 = E2))
    + if (E) {
    + E1 = E2;
    + if (E1)
    S1 else S2
    + } else S2
    |
    - if (E && (E1 = E2))
    + if (E) {
    + E1 = E2;
    + if (E1)
    S1
    + }

    /* or */
    |
    - if (E || (E1 = E2))
    + if (!E) {
    + E1 = E2;
    + if (E1)
    S1 else S2
    + }
    + else S1
    |
    - if (E || (E1 = E2))
    + if (!E) {
    + E1 = E2;
    + if (E1) S1
    + } else
    S1

    /* not equal */
    |
    - if (E != (E1 = E2))
    + E1 = E2;
    + if (E != E1)
    S1 else S2
    |
    - if (E != (E1 = E2))
    + E1 = E2;
    + if (E != E1)
    S1

    /* equal */
    |
    - if (E == (E1 = E2))
    + E1 = E2;
    + if (E == E1)
    S1 else S2
    |
    - if (E == (E1 = E2))
    + E1 = E2;
    + if (E == E1)
    S1

    /* greater than */
    |
    - if (E > (E1 = E2))
    + E1 = E2;
    + if (E > E1)
    S1 else S2
    |
    - if (E > (E1 = E2))
    + E1 = E2;
    + if (E > E1)
    S1

    /* less than */
    |
    - if (E < (E1 = E2))
    + E1 = E2;
    + if (E < E1)
    S1 else S2
    |
    - if (E < (E1 = E2))
    + E1 = E2;
    + if (E < E1)
    S1

    /* lesser than or equal to */
    |
    - if (E = (E1 = E2))
    + E1 = E2;
    + if (E >= E1)
    S1 else S2
    |
    - if (E >= (E1 = E2))
    + E1 = E2;
    + if (E >= E1)
    S1
    )
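
    Review bot: in the "lesser than or equal to" alternatives that close this rule, the first minus line is `if (E = (E1 = E2))` but its plus line is `if (E >= E1)`, and the second pair uses `>=` on both lines, so nothing here matches a `<=` comparison and the first rewrite changes the condition it replaces. Use `<=` on both the minus and plus lines of the first pair and label the second pair "greater than or equal to".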

    /* This rule is for compound statements where the assignment is on the left.*/
    @left@
    expression E, E1, E2;
    statement S1, S2;
    @@

    (
    /* and */
    - if ((E1 = E2) && E)
    + E1 = E2;
    + if (E1 && E)
    S1 else S2
    |
    - if ((E1 = E2) && E)
    + E1 = E2;
    + if (E1 && E)
    S1
    |

    /* or */
    - if ((E1 = E2) || E)
    + E1 = E2;
    + if (E1 || E)
    S1
    |
    - if ((E1 = E2) || E)
    + E1 = E2;
    + if (E1 || E)
    S1 else S2
    |

    /* not equal */
    - if ((E1 = E2) != E)
    + E1 = E2;
    + if (E1 != E)
    S1
    |
    - if ((E1 = E2) != E)
    + E1 = E2;
    + if (E1 != E)
    S1 else S2
    |

    /* equal */
    - if ((E1 = E2) == E)
    + E1 = E2;
    + if (E1 == E)
    S1
    |
    - if ((E1 = E2) == E)
    + E1 = E2;
    + if (E1 == E)
    S1 else S2
    |
    /* greater */
    - if ((E1 = E2) > E)
    + E1 = E2;
    + if (E1 > E)
    S1
    |
    - if ((E1 = E2) > E)
    + E1 = E2;
    + if (E1 > E)
    S1 else S2
    |

    /* less */
    - if ((E1 = E2) < E)
    + E1 = E2;
    + if (E1 < E)
    S1
    |
    - if ((E1 = E2) < E)
    + E1 = E2;
    + if (E1 < E)
    S1 else S2

    /* lesser than or equal to */
    - if ((E1 = E2) = E)
    + E1 = E2;
    + if (E1 >= E)
    S1
    |
    - if ((E1 = E2) >= E)
    + E1 = E2;
    + if (E1 >= E)
    S1 else S2
    )
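
    Review bot: the "lesser than or equal to" pair at the end of this rule has the same operator mismatch (`if ((E1 = E2) = E)` rewritten to `if (E1 >= E)`), and no `|` separates it from the preceding "less" alternative, whose `S1 else S2` runs straight into the comment, so the disjunction is malformed at that point. Add the missing `|`, use `<=` on both lines of the first pair, and place each `|` consistently relative to the section comments as the earlier alternatives in the script do.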

    *** IFASSIGNMENT.COCCI END ***

    Signed-off-by: Chi Pham
    Signed-off-by: Greg Kroah-Hartman

    Chi Pham
     

18 Mar, 2014

4 commits


17 Mar, 2014

2 commits


14 Mar, 2014

1 commit

  • This patch fixes the following Sparse warnings in console.c:
    drivers/staging/lustre/lnet/selftest/console.c:65:1: warning: symbol 'lstcon_node_get' was not declared. Should it be static?
    drivers/staging/lustre/lnet/selftest/console.c:118:1: warning: symbol 'lstcon_node_put' was not declared. Should it be static?
    drivers/staging/lustre/lnet/selftest/console.c:348:1: warning: symbol 'lstcon_sesrpc_condition' was not declared. Should it be static?
    drivers/staging/lustre/lnet/selftest/console.c:377:1: warning: symbol 'lstcon_sesrpc_readent' was not declared. Should it be static?
    drivers/staging/lustre/lnet/selftest/console.c:834:1: warning: symbol 'lstcon_batch_find' was not declared. Should it be static?
    drivers/staging/lustre/lnet/selftest/console.c:1002:1: warning: symbol 'lstcon_batrpc_condition' was not declared. Should it be static?
    drivers/staging/lustre/lnet/selftest/console.c:1145:1: warning: symbol 'lstcon_testrpc_condition' was not declared. Should it be static?
    drivers/staging/lustre/lnet/selftest/console.c:1374:1: warning: symbol 'lstcon_test_find' was not declared. Should it be static?
    drivers/staging/lustre/lnet/selftest/console.c:1389:1: warning: symbol 'lstcon_tsbrpc_readent' was not declared. Should it be static?
    drivers/staging/lustre/lnet/selftest/console.c:1468:1: warning: symbol 'lstcon_statrpc_readent' was not declared. Should it be static?
    drivers/staging/lustre/lnet/selftest/console.c:1492:1: warning: symbol 'lstcon_ndlist_stat' was not declared. Should it be static?
    drivers/staging/lustre/lnet/selftest/console.c:1581:1: warning: symbol 'lstcon_debug_ndlist' was not declared. Should it be static?

    Signed-off-by: Himangi Saraogi
    Acked-by: Paul E. McKenney
    Signed-off-by: Peter P Waskiewicz Jr

    Himangi Saraogi
     

09 Mar, 2014

12 commits


07 Mar, 2014

1 commit

  • This patch fixes the following sparse warning:
    drivers/staging/lustre/lustre/lmv/lproc_lmv.c:99:35: warning: incorrect type in argument 2 (different address spaces)
    drivers/staging/lustre/lustre/lmv/lproc_lmv.c:99:35: expected void const [noderef] *from
    drivers/staging/lustre/lustre/lmv/lproc_lmv.c:99:35: got char const *buffer

    Signed-off-by: Himangi Saraogi
    Signed-off-by: Greg Kroah-Hartman

    Himangi Saraogi