04 Sep, 2014
1 commit
-
commit f42bb22243d2ae264d721b055f836059fe35321f upstream.
Just add the PCI ID for the STX II. It appears to work the same as the
STX, except for the addition of the not-yet-supported daughterboard.

Tested-by: Mario
Tested-by: corubba
Signed-off-by: Clemens Ladisch
Signed-off-by: Takashi Iwai
Signed-off-by: Jiri Slaby
26 Aug, 2014
1 commit
-
commit 4aa806b771d16b810771d86ce23c4c3160888db3 upstream.
Provide a helper to set both the DMA and coherent DMA masks to the
same value - this avoids duplicated code in a number of drivers,
sometimes with buggy error handling, and also allows us to identify
which drivers do things differently.

Signed-off-by: Russell King
Signed-off-by: Jiri Slaby
19 Aug, 2014
1 commit
-
commit 3891a04aafd668686239349ea58f3314ea2af86b upstream.
The IRET instruction, when returning to a 16-bit segment, only
restores the bottom 16 bits of the user space stack pointer. This
causes some 16-bit software to break, but it also leaks kernel state
to user space. We have a software workaround for that ("espfix") for
the 32-bit kernel, but it relies on a nonzero stack segment base which
is not available in 64-bit mode.

In checkin:
b3b42ac2cbae x86-64, modify_ldt: Ban 16-bit segments on 64-bit kernels
we "solved" this by forbidding 16-bit segments on 64-bit kernels, with
the logic that 16-bit support is crippled on 64-bit kernels anyway (no
V86 support), but it turns out that people are doing stuff like
running old Win16 binaries under Wine and expect it to work.

This works around this by creating percpu "ministacks", each of which
is mapped 2^16 times 64K apart. When we detect that the return SS is
on the LDT, we copy the IRET frame to the ministack and use the
relevant alias to return to userspace. The ministacks are mapped
readonly, so if IRET faults we promote #GP to #DF which is an IST
vector and thus has its own stack; we then do the fixup in the #DF
handler.

(Making #GP an IST exception would make the msr_safe functions unsafe
in NMI/MC context, and quite possibly have other effects.)

Special thanks to:
- Andy Lutomirski, for the suggestion of using very small stack slots
and copy (as opposed to map) the IRET frame there, and for the
suggestion to mark them readonly and let the fault promote to #DF.
- Konrad Wilk for paravirt fixup and testing.
- Borislav Petkov for testing help and useful comments.

Reported-by: Brian Gerst
Signed-off-by: H. Peter Anvin
Link: http://lkml.kernel.org/r/1398816946-3351-1-git-send-email-hpa@linux.intel.com
Cc: Konrad Rzeszutek Wilk
Cc: Borislav Petkov
Cc: Andrew Lutomirski
Cc: Linus Torvalds
Cc: Dirk Hohndel
Cc: Arjan van de Ven
Cc: comex
Cc: Alexander van Heukelum
Cc: Boris Ostrovsky
Cc: # consider after upstream merge
Signed-off-by: Jiri Slaby
18 Jul, 2014
1 commit
-
commit 7cd2b0a34ab8e4db971920eef8982f985441adfb upstream.
Oleg reports a division by zero error on zero-length write() to the
percpu_pagelist_fraction sysctl:

divide error: 0000 [#1] SMP DEBUG_PAGEALLOC
CPU: 1 PID: 9142 Comm: badarea_io Not tainted 3.15.0-rc2-vm-nfs+ #19
Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
task: ffff8800d5aeb6e0 ti: ffff8800d87a2000 task.ti: ffff8800d87a2000
RIP: 0010: percpu_pagelist_fraction_sysctl_handler+0x84/0x120
RSP: 0018:ffff8800d87a3e78 EFLAGS: 00010246
RAX: 0000000000000f89 RBX: ffff88011f7fd000 RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000010
RBP: ffff8800d87a3e98 R08: ffffffff81d002c8 R09: ffff8800d87a3f50
R10: 000000000000000b R11: 0000000000000246 R12: 0000000000000060
R13: ffffffff81c3c3e0 R14: ffffffff81cfddf8 R15: ffff8801193b0800
FS: 00007f614f1e9740(0000) GS:ffff88011f440000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 00007f614f1fa000 CR3: 00000000d9291000 CR4: 00000000000006e0
Call Trace:
proc_sys_call_handler+0xb3/0xc0
proc_sys_write+0x14/0x20
vfs_write+0xba/0x1e0
SyS_write+0x46/0xb0
tracesys+0xe1/0xe6

However, if the percpu_pagelist_fraction sysctl is set by the user, it
is also impossible to restore it to the kernel default since the user
cannot write 0 to the sysctl.

This patch allows the user to write 0 to restore the default behavior.
It still requires a fraction equal to or larger than 8, however, as
stated by the documentation for sanity. If a value in the range [1, 7]
is written, the sysctl will return EINVAL.

This successfully solves the divide by zero issue at the same time.

Signed-off-by: David Rientjes
Reported-by: Oleg Drokin
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
Signed-off-by: Jiri Slaby
17 Jul, 2014
1 commit
-
commit 8401aa1f59975c03eeebd3ac6d264cbdfe9af5de upstream.
Update the SubmittingPatches process to include howto about the new
'Fixes:' tag to be used when a patch fixes an issue in a previous commit
(found by git-bisect for example).

Signed-off-by: Jacob Keller
Tested-by: Aaron Brown
Signed-off-by: Jeff Kirsher
Cc: Randy Dunlap
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
Signed-off-by: Jiri Slaby
02 Jul, 2014
1 commit
-
commit 3ba08129e38437561df44c36b7ea9081185d5333 upstream.
Currently memory error handler handles action optional errors in the
deferred manner by default. And if a recovery aware application wants
to handle it immediately, it can do it by setting PF_MCE_EARLY flag.
However, such signal can be sent only to the main thread, so it's
problematic if the application wants to have a dedicated thread to
handle such signals.

So this patch adds dedicated thread support to memory error handler. We
have PF_MCE_EARLY flags for each thread separately, so with this patch
AO signal is sent to the thread with PF_MCE_EARLY flag set, not the main
thread. If you want to implement a dedicated thread, you call prctl()
to set PF_MCE_EARLY on the thread.

Memory error handler collects processes to be killed, so this patch lets
it check PF_MCE_EARLY flag on each thread in the collecting routines.

No behavioral change for all non-early kill cases.

Tony said:
: The old behavior was crazy - someone with a multithreaded process might
: well expect that if they call prctl(PF_MCE_EARLY) in just one thread, then
: that thread would see the SIGBUS with si_code = BUS_MCEERR_A0 - even if
: that thread wasn't the main thread for the process.

[akpm@linux-foundation.org: coding-style fixes]
Signed-off-by: Naoya Horiguchi
Reviewed-by: Tony Luck
Cc: Kamil Iskra
Cc: Andi Kleen
Cc: Borislav Petkov
Cc: Chen Gong
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
Signed-off-by: Jiri Slaby
27 Jun, 2014
1 commit
-
commit 00159a2013269bc0a617de885e4b921349192bd0 upstream.
When booting a kexec/kdump kernel on a system that has specific memory
hotplug regions the boot will fail with warnings like:

swapper/0: page allocation failure: order:9, mode:0x84d0
CPU: 0 PID: 1 Comm: swapper/0 Not tainted 3.10.0-65.el7.x86_64 #1
Hardware name: QCI QSSC-S4R/QSSC-S4R, BIOS QSSC-S4R.QCI.01.00.S013.032920111005 03/29/2011
0000000000000000 ffff8800341bd8c8 ffffffff815bcc67 ffff8800341bd950
ffffffff8113b1a0 ffff880036339b00 0000000000000009 00000000000084d0
ffff8800341bd950 ffffffff815b87ee 0000000000000000 0000000000000200
Call Trace:
[] dump_stack+0x19/0x1b
[] warn_alloc_failed+0xf0/0x160
[] ? __alloc_pages_direct_compact+0xac/0x196
[] __alloc_pages_nodemask+0x7ff/0xa00
[] vmemmap_alloc_block+0x62/0xba
[] vmemmap_alloc_block_buf+0x15/0x3b
[] vmemmap_populate+0xb4/0x21b
[] sparse_mem_map_populate+0x27/0x35
[] sparse_add_one_section+0x7a/0x185
[] __add_pages+0xaf/0x240
[] arch_add_memory+0x59/0xd0
[] add_memory+0xb9/0x1b0
[] acpi_memory_device_add+0x18d/0x26d
[] acpi_bus_device_attach+0x7d/0xcd
[] acpi_ns_walk_namespace+0xc8/0x17f
[] ? acpi_bus_type_and_status+0x90/0x90
[] ? acpi_bus_type_and_status+0x90/0x90
[] acpi_walk_namespace+0x95/0xc5
[] acpi_bus_scan+0x8b/0x9d
[] acpi_scan_init+0x63/0x160
[] acpi_init+0x25d/0x2a6
[] ? acpi_sleep_proc_init+0x2a/0x2a
[] do_one_initcall+0xe2/0x190
[] kernel_init_freeable+0x17c/0x207
[] ? do_early_param+0x88/0x88
[] ? rest_init+0x80/0x80
[] kernel_init+0xe/0x180
[] ret_from_fork+0x7c/0xb0
[] ? rest_init+0x80/0x80
Mem-Info:
Node 0 DMA per-cpu:
CPU 0: hi: 0, btch: 1 usd: 0
Node 0 DMA32 per-cpu:
CPU 0: hi: 42, btch: 7 usd: 0
active_anon:0 inactive_anon:0 isolated_anon:0
active_file:0 inactive_file:0 isolated_file:0
unevictable:0 dirty:0 writeback:0 unstable:0
free:872 slab_reclaimable:13 slab_unreclaimable:1880
mapped:0 shmem:0 pagetables:0 bounce:0
free_cma:0

because the system has run out of memory at boot time. This occurs
because of the following sequence in the boot:

Main kernel boots and sets E820 map. The second kernel is booted with a
map generated by the kdump service using memmap= and memmap=exactmap.
These parameters are added to the kernel parameters of the kexec/kdump
kernel. The kexec/kdump kernel has limited memory resources so as not
to severely impact the main kernel.

The system then panics and the kdump/kexec kernel boots (which is a
completely new kernel boot). During this boot ACPI is initialized and the
kernel (as can be seen above) traverses the ACPI namespace and finds an
entry for a memory device to be hotadded.

ie)
[] __add_pages+0xaf/0x240
[] arch_add_memory+0x59/0xd0
[] add_memory+0xb9/0x1b0
[] acpi_memory_device_add+0x18d/0x26d
[] acpi_bus_device_attach+0x7d/0xcd
[] acpi_ns_walk_namespace+0xc8/0x17f
[] ? acpi_bus_type_and_status+0x90/0x90
[] ? acpi_bus_type_and_status+0x90/0x90
[] acpi_walk_namespace+0x95/0xc5
[] acpi_bus_scan+0x8b/0x9d
[] acpi_scan_init+0x63/0x160
[] acpi_init+0x25d/0x2a6

At this point the kernel adds page table information and the kexec/kdump
kernel runs out of memory.

This can also be reproduced by using the memmap=exactmap and mem=X
parameters on the main kernel and booting.

This patchset resolves the problem by adding a kernel parameter,
acpi_no_memhotplug, to disable ACPI memory hotplug.

Signed-off-by: Prarit Bhargava
Acked-by: Vivek Goyal
Acked-by: Toshi Kani
Acked-by: David Rientjes
Signed-off-by: Rafael J. Wysocki
Signed-off-by: Jiri Slaby
20 Jun, 2014
2 commits
-
commit f9b2a735bdddf836214b5dca74f6ca7712e5a08c upstream.
Files are measured or appraised based on the IMA policy. When a
file, in policy, is opened with the O_DIRECT flag, a deadlock
occurs.

The first attempt at resolving this lockdep temporarily removed the
O_DIRECT flag and restored it, after calculating the hash. The
second attempt introduced the O_DIRECT_HAVELOCK flag. Based on this
flag, do_blockdev_direct_IO() would skip taking the i_mutex a second
time. The third attempt, by Dmitry Kasatkin, resolves the i_mutex
locking issue, by re-introducing the IMA mutex, but uncovered
another problem. Reading a file with O_DIRECT flag set, writes
directly to userspace pages. A second patch allocates a user-space
like memory. This works for all IMA hooks, except ima_file_free(),
which is called on __fput() to recalculate the file hash.

Until this last issue is addressed, do not 'collect' the
measurement for measuring, appraising, or auditing files opened
with the O_DIRECT flag set. Based on policy, permit or deny file
access. This patch defines a new IMA policy rule option named
'permit_directio'. Policy rules could be defined, based on LSM
or other criteria, to permit specific applications to open files
with the O_DIRECT flag set.

Changelog v1:
- permit or deny file access based IMA policy rules

Signed-off-by: Mimi Zohar
Acked-by: Dmitry Kasatkin
Signed-off-by: Jiri Slaby
-
commit e60cbeedc48d80689c249ab5dcc3c31ad0452dea upstream.
Prior to commit 4266129964b8 ("[media] DocBook: Move all media docbook
stuff into its own directory") it was possible to build only a single
(or more) book(s) by calling, for example

make htmldocs DOCBOOKS=80211.xml

This now fails:
cp: target `.../Documentation/DocBook//media_api' is not a directory
Ignore errors from that copy to make this possible again.
Fixes: 4266129964b8 ("[media] DocBook: Move all media docbook stuff into its own directory")
Signed-off-by: Johannes Berg
Acked-by: Randy Dunlap
Cc: Mauro Carvalho Chehab
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
Signed-off-by: Jiri Slaby
09 Jun, 2014
2 commits
-
commit 36189cc3cd57ab0f1cd75241f93fe01de928ac06 upstream.
The hw_version 3 Elantech touchpad on the Gigabyte U2442 does not accept
0x0b as initialization value for r10, this stand-alone version of the
driver: http://planet76.com/drivers/elantech/psmouse-elantech-v6.tar.bz2

Uses 0x03 which does work, so this means not setting bit 3 of r10 which
sets: "Enable Real H/W Resolution In Absolute mode"

Which will result in half the x and y resolution we get with that bit set,
so simply not setting it everywhere is not a solution. We've been unable to
find a way to identify touchpads where setting the bit will fail, so this
patch uses a dmi based blacklist for this.

https://bugzilla.kernel.org/show_bug.cgi?id=61151
Reported-by: Philipp Wolfer
Tested-by: Philipp Wolfer
Signed-off-by: Hans de Goede
Signed-off-by: Dmitry Torokhov
Signed-off-by: Jiri Slaby
-
commit 98b0f811aade1b7c6e7806c86aa0befd5919d65f upstream.
The English and Korean translations were updated, the Chinese and Japanese
weren't.

Signed-off-by: Geert Uytterhoeven
Signed-off-by: Jiri Slaby
Signed-off-by: Jiri Slaby
15 May, 2014
2 commits
-
commit 61f0319193c44adbbada920162d880b1fdb3aeb3 upstream.
Signed-off-by: Wolfram Sang
Signed-off-by: Hans de Goede
Signed-off-by: Mauro Carvalho Chehab
Signed-off-by: Jiri Slaby
-
commit 12f6dd860cf8bf036c0bec38c00a53da71bcd43a upstream.
Wolfram Sang pointed out that "efm32,$device" is non-standard. So use the
common scheme and prefix device with "efm32-". The old compatible string
is left in place until arch/arm/boot/dts/efm32* is fixed.

Signed-off-by: Uwe Kleine-König
Acked-by: Wolfram Sang
Signed-off-by: Mark Brown
Signed-off-by: Jiri Slaby
05 May, 2014
1 commit
-
commit 1b31e9b76ef8c62291e698dfdb973499986a7f68 upstream.
Add Device ID of Intel BayTrail SMBus Controller.
Signed-off-by: Chew, Kean ho
Signed-off-by: Chew, Chiau Ee
Reviewed-by: Jean Delvare
Signed-off-by: Wolfram Sang
Signed-off-by: Jiri Slaby
18 Apr, 2014
1 commit
-
[ Upstream commit ebf4ad955d3e26d4d2a33709624fc7b5b9d3b969 ]
Few platforms use external regulator to keep the ethernet MAC supplied.
So, request and enable the regulator for driver functionality.

Fixes: 66fda75f47dc (regulator: core: Replace direct ops->disable usage)
Reported-by: Russell King
Suggested-by: Markus Pargmann
Signed-off-by: Nishanth Menon
Signed-off-by: David S. Miller
Signed-off-by: Jiri Slaby
02 Apr, 2014
1 commit
-
commit afc659241258b40b683998ec801d25d276529f43 upstream.
This patch adds the SMBus Device IDs for the Intel Wildcat Point-LP PCH.
Signed-off-by: James Ralston
Signed-off-by: Wolfram Sang
Signed-off-by: Jiri Slaby
14 Feb, 2014
1 commit
-
commit 778c14affaf94a9e4953179d3e13a544ccce7707 upstream.
A 3% of system memory bonus is sometimes too excessive in comparison to
other processes.

With commit a63d83f427fb ("oom: badness heuristic rewrite"), the OOM
killer tries to avoid killing privileged tasks by subtracting 3% of
overall memory (system or cgroup) from their per-task consumption. But
as a result, all root tasks that consume less than 3% of overall memory
are considered equal, and so it only takes 33+ privileged tasks pushing
the system out of memory for the OOM killer to do something stupid and
kill dhclient or other root-owned processes. For example, on a 32G
machine it can't tell the difference between the 1M agetty and the 10G
fork bomb member.

The changelog describes this 3% boost as the equivalent to the global
overcommit limit being 3% higher for privileged tasks, but this is not
the same as discounting 3% of overall memory from _every privileged task
individually_ during OOM selection.

Replace the 3% of system memory bonus with a 3% of current memory usage
bonus.

By giving root tasks a bonus that is proportional to their actual size,
they remain comparable even when relatively small. In the example
above, the OOM killer will discount the 1M agetty's 256 badness points
down to 179, and the 10G fork bomb's 262144 points down to 183500 points
and make the right choice, instead of discounting both to 0 and killing
agetty because it's first in the task list.

Signed-off-by: David Rientjes
Reported-by: Johannes Weiner
Acked-by: Johannes Weiner
Cc: Michal Hocko
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
Signed-off-by: Greg Kroah-Hartman
07 Feb, 2014
3 commits
-
commit 032f708bc4f6da868ec49dac48ddf3670d8035d3 upstream.
The locations of SMBus register base address and enablement bit are changed
from AMD ML, which need this patch to be supported.

Signed-off-by: Shane Huang
Reviewed-by: Jean Delvare
Signed-off-by: Wolfram Sang
Signed-off-by: Greg Kroah-Hartman
-
commit f8b94beb7e6a374cb0de531b72377c49857b35ca upstream.
The first variants of Armada XP SoCs (A0 stepping) have issues related
to the i2c controller which prevent to use the offload mechanism and
lead to a kernel hang during boot.

The commit introduces a new compatible string
marvell,mv78230-a0-i2c for the i2c controller.

Signed-off-by: Gregory CLEMENT
Acked-by: Arnd Bergmann
cc: devicetree@vger.kernel.org
Fixes: 930ab3d403ae (i2c: mv64xxx: Add I2C Transaction Generator support)
Signed-off-by: Jason Cooper
Signed-off-by: Greg Kroah-Hartman
-
commit b1f5c73bd5a4752efb7d7af019034044b08aafe9 upstream.
The sata_mv driver supports the SATA IP found in several Marvell SoCs.
As some new SATA registers have been introduced with the Armada 370/XP
SoCs, a way to identify them is needed.

This patch introduces a new compatible string for the SATA IP found in
Armada 370/XP SoCs.

Signed-off-by: Simon Guinot
Cc: Thomas Petazzoni
Cc: Jason Cooper
Cc: Andrew Lunn
Cc: Gregory Clement
Cc: Sebastian Hesselbarth
Cc: Lior Amsalem
Acked-by: Jason Cooper
Signed-off-by: Tejun Heo
Signed-off-by: Greg Kroah-Hartman
16 Jan, 2014
2 commits
-
commit 8fb9aeb7a71ef4f3e0613d459a2e1366a7a90469 upstream.
Adds gate clock for MDMA0 on Exynos5250 SoC. This is needed to ensure
that the clock is enabled when MDMA0 is used on systems on which
firmware gates the clock by default.

Signed-off-by: Abhilash Kesavan
Acked-by: Mike Turquette
[t.figa: Updated patch description.]
Signed-off-by: Tomasz Figa
Signed-off-by: Greg Kroah-Hartman
-
[ Upstream commit 66e56cd46b93ef407c60adcac62cf33b06119d50 ]
Commit e40526cb20b5 introduced a cached dev pointer, that gets
hooked into register_prot_hook(), __unregister_prot_hook() to
update the device used for the send path.

We need to fix this up, as otherwise this will not work with
sockets created with protocol = 0, plus with sll_protocol = 0
passed via sockaddr_ll when doing the bind.

So instead, assign the pointer directly. The compiler can inline
these helper functions automagically.

While at it, also assume the cached dev fast-path as likely(),
and document this variant of socket creation as it seems it is
not widely used (seems not even the author of TX_RING was aware
of that in his reference example [1]). Tested with reproducer
from e40526cb20b5.

[1] http://wiki.ipxwarzone.com/index.php5?title=Linux_packet_mmap#Example
Fixes: e40526cb20b5 ("packet: fix use after free race in send path when dev is released")
Signed-off-by: Daniel Borkmann
Tested-by: Salam Noureddine
Tested-by: Jesper Dangaard Brouer
Signed-off-by: David S. Miller
Signed-off-by: Greg Kroah-Hartman
10 Jan, 2014
1 commit
-
commit b8bd6dc36186fe99afa7b73e9e2d9a98ad5c4865 upstream.
A user on StackExchange had a failing SSD that's soldered directly
onto the motherboard of his system. The BIOS does not give any option
to disable it at all, so he can't just hide it from the OS via the
BIOS.

The old IDE layer had hdX=noprobe override for situations like this,
but that was never ported to the libata layer.

This patch implements a disable flag for libata.force.
Example use:
libata.force=2.0:disable
[v2 of the patch, removed the nodisable flag per Tejun Heo]
Signed-off-by: Robin H. Johnson
Signed-off-by: Tejun Heo
Link: http://unix.stackexchange.com/questions/102648/how-to-tell-linux-kernel-3-0-to-completely-ignore-a-failing-disk
Link: http://askubuntu.com/questions/352836/how-can-i-tell-linux-kernel-to-completely-ignore-a-disk-as-if-it-was-not-even-co
Link: http://superuser.com/questions/599333/how-to-disable-kernel-probing-for-drive
Signed-off-by: Greg Kroah-Hartman
08 Dec, 2013
1 commit
-
[ Upstream commit 98e09386c0ef4dfd48af7ba60ff908f0d525cdee ]
After commit c9eeec26e32e ("tcp: TSQ can use a dynamic limit"), several
users reported throughput regressions, notably on mvneta and wifi
adapters.

802.11 AMPDU requires a fair amount of queueing to be effective.

This patch partially reverts the change done in tcp_write_xmit()
so that the minimal amount is sysctl_tcp_limit_output_bytes.

It also removes the use of this sysctl while building skb stored
in write queue, as TSO autosizing does the right thing anyway.

Users with well behaving NICS and correct qdisc (like sch_fq),
can then lower the default sysctl_tcp_limit_output_bytes value from
128KB to 8KB.

This new usage of sysctl_tcp_limit_output_bytes permits each driver
authors to check how their driver performs when/if the value is set
to a minimum of 4KB.

Normally, line rate for a single TCP flow should be possible,
but some drivers rely on timers to perform TX completion and
too long TX completion delays prevent reaching full throughput.

Fixes: c9eeec26e32e ("tcp: TSQ can use a dynamic limit")
Signed-off-by: Eric Dumazet
Reported-by: Sujith Manoharan
Reported-by: Arnaud Ebalard
Tested-by: Sujith Manoharan
Cc: Felix Fietkau
Signed-off-by: David S. Miller
Signed-off-by: Greg Kroah-Hartman
05 Dec, 2013
1 commit
-
commit 312b4e226951f707e120b95b118cbc14f3d162b2 upstream.
Some setuid binaries will allow reading of files which have read
permission by the real user id. This is problematic with files which
use %pK because the file access permission is checked at open() time,
but the kptr_restrict setting is checked at read() time. If a setuid
binary opens a %pK file as an unprivileged user, and then elevates
permissions before reading the file, then kernel pointer values may be
leaked.

This happens for example with the setuid pppd application on Ubuntu 12.04:

$ head -1 /proc/kallsyms
00000000 T startup_32
$ pppd file /proc/kallsyms
pppd: In file /proc/kallsyms: unrecognized option 'c1000000'

This will only leak the pointer value from the first line, but other
setuid binaries may leak more information.

Fix this by adding a check that in addition to the current process having
CAP_SYSLOG, that effective user and group ids are equal to the real ids.
If a setuid binary reads the contents of a file which uses %pK then the
pointer values will be printed as NULL if the real user is unprivileged.

Update the sysctl documentation to reflect the changes, and also correct
the documentation to state the kptr_restrict=0 is the default.

This is only a temporary solution to the issue. The correct solution is
to do the permission check at open() time on files, and to replace %pK
with a function which checks the open() time permission. %pK uses in
printk should be removed since no sane permission check can be done, and
instead protected by using dmesg_restrict.

Signed-off-by: Ryan Mallon
Cc: Kees Cook
Cc: Alexander Viro
Cc: Joe Perches
Cc: "Eric W. Biederman"
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
Signed-off-by: Greg Kroah-Hartman
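
The %pK check described in the commit above, as a simplified user-space model (an added example, not the kernel's code and not part of the commit). struct model_cred, the pk_value_* functions and the three sample callers are hypothetical names constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in for the credentials consulted at read() time. */
struct model_cred {
    unsigned int uid, euid;  /* real and effective user id */
    unsigned int gid, egid;  /* real and effective group id */
    bool cap_syslog;         /* CAP_SYSLOG held when the file is read */
};

typedef const void *(*pk_check_fn)(int, const struct model_cred *, const void *);

/* Before the fix: with kptr_restrict=1, CAP_SYSLOG alone reveals the pointer. */
static const void *pk_value_before(int kptr_restrict,
                                   const struct model_cred *c, const void *ptr)
{
    if (kptr_restrict == 0)
        return ptr;
    if (kptr_restrict == 1 && c->cap_syslog)
        return ptr;
    return NULL; /* pointer is printed as zeros */
}

/* After the fix: effective ids must also equal the real ids. */
static const void *pk_value_after(int kptr_restrict,
                                  const struct model_cred *c, const void *ptr)
{
    if (kptr_restrict == 0)
        return ptr;
    if (kptr_restrict == 1 && c->cap_syslog &&
        c->euid == c->uid && c->egid == c->gid)
        return ptr;
    return NULL;
}

/* Constructed sample callers. */
static const struct model_cred plain_user  = { 1000, 1000, 1000, 1000, false };
/* A setuid-root binary started by uid 1000: opened as the user, reads as root. */
static const struct model_cred setuid_root = { 1000, 0, 1000, 1000, true };
static const struct model_cred real_root   = { 0, 0, 0, 0, true };

/* True when the caller would see the real pointer value under this check. */
static bool sees_pointer(pk_check_fn check, int kptr_restrict,
                         const struct model_cred *c)
{
    static const int sample_symbol = 0; /* constructed stand-in for a kernel address */
    return check(kptr_restrict, c, &sample_symbol) != NULL;
}

int main(void)
{
    const struct { const char *name; const struct model_cred *c; } rows[] = {
        { "plain user",  &plain_user },
        { "setuid root", &setuid_root },
        { "real root",   &real_root },
    };

    printf("%-12s %-8s %-8s (kptr_restrict=1)\n", "caller", "before", "after");
    for (size_t i = 0; i < sizeof(rows) / sizeof(rows[0]); i++)
        printf("%-12s %-8s %-8s\n", rows[i].name,
               sees_pointer(pk_value_before, 1, rows[i].c) ? "pointer" : "NULL",
               sees_pointer(pk_value_after, 1, rows[i].c) ? "pointer" : "NULL");
    return 0;
}
```

Only the setuid row changes between the two columns: the elevated process keeps CAP_SYSLOG, but its effective uid no longer matches the real uid, so the pointer is withheld.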
23 Oct, 2013
1 commit
-
Pull networking fixes from David Miller:
"Sorry I let so much accumulate, I was in Buffalo and wanted a few
things to cook in my tree for a while before sending to you. Anyways,
it's a lot of little things as usual at this stage in the game"

1) Make bonding MAINTAINERS entry reflect reality, from Andy
Gospodarek.
2) Fix accidental sock_put() on timewait mini sockets, from Eric
Dumazet.
3) Fix crashes in l2tp due to mis-handling of ipv4 mapped ipv6
addresses, from François CACHEREUL.
4) Fix heap overflow in __audit_sockaddr(), from the eagle eyed Dan
Carpenter.
5) tcp_shifted_skb() doesn't handle FINs properly, from Eric
Dumazet.
6) SFC driver bug fixes from Ben Hutchings.
7) Fix TX packet scheduling wedge after channel change in ath9k driver,
from Felix Fietkau.
8) Fix use after free in BPF JIT code, from Alexei Starovoitov.
9) Source address selection test is reversed in
__ip_route_output_key(), fix from Jiri Benc.
10) VLAN and CAN layer mis-size netlink attributes, from Marc
Kleine-Budde.
11) Fix permission checks in sysctls to use current_euid() instead of
current_uid(). From Eric W Biederman.
12) IPSEC policies can go away while a timer is still pending for them,
add appropriate ref-counting to fix, from Steffen Klassert.
13) Fix mis-programming of FDR and RMCR registers on R8A7740 sh_eth
chips, from Nguyen Hong Ky and Simon Horman.
14) MLX4 forgets to DMA unmap pages on RX, fix from Amir Vadai.
15) IPV6 GRE tunnel MTU upper limit is miscalculated, from Oussama
Ghorbel.
16) Fix typo in fq_change(), we were assigning "initial quantum" to
"quantum". From Eric Dumazet.
17) Set a more appropriate sk_pacing_rate for non-TCP sockets, otherwise
FQ packet scheduler does not pace those flows properly. Also from
Eric Dumazet.
18) rtlwifi miscalculates packet pointers, from Mark Cave-Ayland.
19) l2tp_xmit_skb() can be called from process context, not just softirq
context, so we must always make sure to BH disable around it. From
Eric Dumazet.
20) On qdisc reset, we forget to purge the RB tree of SKBs in netem
packet scheduler. From Stephen Hemminger.
21) Fix info leak in farsync WAN driver ioctl() handler, from Dan
Carpenter and Salva Peiró.
22) Fix PHY reset and other issues in dm9000 driver, from Nikita
Kiryanov and Michael Abbott.
23) When hardware can do SCTP crc32 checksums, we accidentally don't
disable the csum offload when IPSEC transformations have been
applied. From Fan Du and Vlad Yasevich.
24) Tail loss probing in TCP leaves the socket in the wrong congestion
avoidance state. From Yuchung Cheng.
25) In CPSW driver, enable NAPI before interrupts are turned on, from
Markus Pargmann.
26) Integer underflow and dual-assignment in YAM hamradio driver, from
Dan Carpenter.
27) If we are going to mangle a packet in tcp_set_skb_tso_segs() we must
unclone it. This fixes various hard to track down crashes in
drivers where the SKBs ->gso_segs was changing right from underneath
the driver during TX queueing. From Eric Dumazet.
28) Fix the handling of VLAN IDs, and in particular the special IDs 0
and 4095, in the bridging layer. From Toshiaki Makita.
29) Another info leak, this time in wanxl WAN driver, from Salva Peiró.
30) Fix race in socket credential passing, from Daniel Borkmann.
31) When NETLABEL is disabled, we don't validate CIPSO packets properly,
from Seif Mazareeb.
32) Fix identification of fragmented frames in ipv4/ipv6 UDP
Fragmentation Offload output paths, from Jiri Pirko.
33) Virtual Function fixes in bnx2x driver from Yuval Mintz and Ariel
Elior.
34) When we removed the explicit neighbour pointer from ipv6 routes a
slight regression was introduced for users such as IPVS, xt_TEE, and
raw sockets. We mix up the users requested destination address with
the routes assigned nexthop/gateway. From Julian Anastasov and
Simon Horman.
35) Fix stack overruns in rt6_probe(), the issue is that can end up
doing two full packet xmit paths at the same time when emitting
neighbour discovery messages. From Hannes Frederic Sowa.
36) davinci_emac driver doesn't handle IFF_ALLMULTI correctly, from
Mariusz Ceier.
37) Make sure to set TCP sk_pacing_rate after the first legitimate RTT
sample, from Neal Cardwell.
38) Wrong netlink attribute passed to xfrm_replay_verify_len(), from
Steffen Klassert.

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (152 commits)
ax88179_178a: Add VID:DID for Samsung USB Ethernet Adapter
ax88179_178a: Correct the RX error definition in RX header
Revert "bridge: only expire the mdb entry when query is received"
tcp: initialize passive-side sk_pacing_rate after 3WHS
davinci_emac.c: Fix IFF_ALLMULTI setup
mac802154: correct a typo in ieee802154_alloc_device() prototype
ipv6: probe routes asynchronous in rt6_probe
netfilter: nf_conntrack: fix rt6i_gateway checks for H.323 helper
ipv6: fill rt6i_gateway with nexthop address
ipv6: always prefer rt6i_gateway if present
bnx2x: Set NETIF_F_HIGHDMA unconditionally
bnx2x: Don't pretend during register dump
bnx2x: Lock DMAE when used by statistic flow
bnx2x: Prevent null pointer dereference on error flow
bnx2x: Fix config when SR-IOV and iSCSI are enabled
bnx2x: Fix Coalescing configuration
bnx2x: Unlock VF-PF channel on MAC/VLAN config error
bnx2x: Prevent an illegal pointer dereference during panic
bnx2x: Fix Maximum CoS estimation for VFs
drivers: net: cpsw: fix kernel warn during iperf test with interrupt pacing
...
16 Oct, 2013
1 commit
-
Pull device tree fixes and reverts from Grant Likely:
"One bug fix and three reverts. The reverts back out the slightly
controversial feeding the entire device tree into the random pool and
the reserved-memory binding which isn't fully baked yet. Expect the
reserved-memory patches at least to resurface for v3.13.

The bug fix removes a scary but harmless warning on SPARC that was
introduced in the v3.12 merge window. v3.13 will contain a proper fix
that makes the new code work on SPARC.

On the plus side, the diffstat looks *awesome*. I love removing lines
of code"

* tag 'devicetree-for-linus' of git://git.secretlab.ca/git/linux:
Revert "drivers: of: add initialization code for dma reserved memory"
Revert "ARM: init: add support for reserved memory defined by device tree"
Revert "of: Feed entire flattened device tree into the random pool"
of: fix unnecessary warning on missing /cpus node
15 Oct, 2013
2 commits
-
This reverts commit 9d8eab7af79cb4ce2de5de39f82c455b1f796963. There is
still no consensus on the bindings for the reserved memory and various
drawbacks of the proposed solution have been shown, so the best now is to
revert it completely and start again from scratch later.

Signed-off-by: Marek Szyprowski
Signed-off-by: Grant Likely
-
Pull ACPI and power management fixes from Rafael Wysocki:
"These fix two recent bugs in ACPIPHP (ACPI-based PCI hotplug) and
update a bunch of web links and e-mail addresses in MAINTAINERS, docs
and Kconfig that either are stale or will expire soon.

Specifics:
- The WARN_ON() in acpiphp_enumerate_slots() triggers as a false
positive in some cases, so drop it.
- Add a missing pci_dev_put() to an error code path in
acpiphp_enumerate_slots().
- Replace my old e-mail address that's going to expire with a new
one.
- Update ACPI web links and git tree information in MAINTAINERS.
- Update links to the Linux-ACPI project's page in MAINTAINERS.
- Update some stale links and e-mail addresses under Documentation
and in the ACPI Kconfig file"

* tag 'pm+acpi-3.12-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
ACPI / hotplug / PCI: Drop WARN_ON() from acpiphp_enumerate_slots()
ACPI / hotplug / PCI: Fix error code path in acpiphp_enumerate_slots()
ACPI / PM / Documentation: Replace outdated project links and addresses
MAINTAINERS / ACPI: Update links to the Linux-ACPI project web page
MAINTAINERS / ACPI: Update links and git tree information
MAINTAINERS / Documentation: Update Rafael's e-mail address
13 Oct, 2013
1 commit
-
Pull sound fixes from Takashi Iwai:
"All stable fixes except for a trivial headset mic fixup: the removal
of bogus frame checks in snd-usb-usx2y driver that have regressed in
the recent kernel versions, the HD-audio HDMI channel map fix, and a
few HD-audio device-specific fixes"

* tag 'sound-3.12' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
ALSA: hda - Sony VAIO Pro 13 (haswell) now has a working headset jack
ALSA: hda - Add a headset mic model for ALC269 and friends
ALSA: hda - Fix microphone for Sony VAIO Pro 13 (Haswell model)
ALSA: hda - Add fixup for ASUS N56VZ
ALSA: hda - hdmi: Fix channel map switch not taking effect
ALSA: hda - Fix mono speakers and headset mic on Dell Vostro 5470
ALSA: snd-usb-usx2y: remove bogus frame checks
11 Oct, 2013
2 commits
-
Some links to projects web pages and e-mail addresses in ACPI/PM
documentation and Kconfig are outdated, so update them.

Signed-off-by: Rafael J. Wysocki
-
Using the headset mic model will cause the headset mic to be labeled
"headset mic" instead of just "mic".

Signed-off-by: David Henningsson
Signed-off-by: Takashi Iwai
09 Oct, 2013
1 commit
-
The e-mail address rjw@sisk.pl that I have been using for quite some
time is going to expire at one point, so replace it with a new one,
rjw@rjwysocki.net, everywhere in MAINTAINERS and Documentation/ABI.

Signed-off-by: Rafael J. Wysocki
03 Oct, 2013
2 commits
-
Pull ARM SoC fixes from Olof Johansson:
"We have a fairly large batch of fixes this time around, mostly just
due to various platforms all having a fix or two more than usual.

Worth pointing out are:
- A fix for EDMA on Davinci/OMAP where channel allocation broke with
the DT conversion. Due to some miscommunication we didn't
understand the impact of the breakage, so we were pushing back on
it for 3.12, but it sounds like it's actually breaking quite a few
people out there.
- A bunch of fixes for Marvell platforms, some straggling fixes for
merge window fallout and some fixes for a couple of the platforms
(Netgear RN102 in particular).
- A fix for a race between multi-cluster power management and cpu
hotplug on Versatile Express.

And a bunch of other smaller fixes that all add up.
We'll be switching over into stricter regressions-only mode from here
on out"

* tag 'fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc: (31 commits)
ARM: multi_v7_defconfig: add SDHCI for i.MX
bus: mvebu-mbus: Fix optional pcie-mem/io-aperture properties
ARM: mvebu: add missing DT Mbus ranges and relocate PCIe DT nodes for RN102
ARM: at91: sam9g45: shutdown ddr1 too when rebooting
MAINTAINERS: ARM: SIRF: use kernel.org mail box
MAINTAINERS: ARM: SIRF: add missed drivers into maintain list
ARM: edma: Fix clearing of unused list for DT DMA resources
ARM: vexpress: tc2: fix hotplug/idle/kexec race on cluster power down
ARM: dts: sirf: fix interrupt and dma prop of VIP for prima2 and atlas6
ARM: dts: sirf: fix the ranges of peri-iobrg of prima2
ARM: dts: makefile: build atlas6-evb.dtb for ARCH_ATLAS6
ARM: dts: sirf: fix fifosize, clks, dma channels for UART
ARM: mvebu: Add DT entry for ReadyNAS 102 to use gpio-poweroff driver
ARM: mvebu: fix ReadyNAS 102 Power button GPIO to make it active high
ARM: mach-integrator: Add stub for pci_v3_early_init() for !CONFIG_PCI
ARM: shmobile: Remove #gpio-ranges-cells DT property
gpio: rcar: Remove #gpio-range-cells DT property usage
ARM: shmobile: armadillo: fixup ether pinctrl naming
ARM: shmobile: Lager: add Micrel KSZ8041 PHY fixup
ARM: shmobile: update SDHI DT compatibility string to the - format
...
-
Use the precalculated size instead of obfuscating the message length
calculation by first subtracting the netlink header length from size
and then use the NLMSG_LENGTH() macro to add it back again.

Signed-off-by: Mathias Krause
Signed-off-by: David S. Miller
02 Oct, 2013
1 commit
-
Pull networking changes from David Miller:
1) Multiply in netfilter IPVS can overflow when calculating destination
weight. From Simon Kirby.
2) Use after free fixes in IPVS from Julian Anastasov.
3) SFC driver bug fixes from Daniel Pieczko.
4) Memory leak in pcan_usb_core failure paths, from Alexey Khoroshilov.
5) Locking and encapsulation fixes to serial line CAN driver, from
Andrew Naujoks.
6) Duplex and VF handling fixes to bnx2x driver from Yaniv Rosner,
Eilon Greenstein, and Ariel Elior.
7) In lapb, if no other packets are outstanding, T1 timeouts actually
stall things and no packet gets sent. Fix from Josselin Costanzi.
8) ICMP redirects should not make it to the socket error queues, from
Duan Jiong.
9) Fix bugs in skge DMA mapping error handling, from Nikulas Patocka.
10) Fix setting of VLAN priority field on via-rhine driver, from Roget
Luethi.
11) Fix TX stalls and VLAN promisc programming in be2net driver from
Ajit Khaparde.
12) Packet padding doesn't get handled correctly in new usbnet SG
support code, from Ming Lei.
13) Fix races in netdevice teardown wrt. network namespace closing.
From Eric W. Biederman.
14) Fix potential missed initialization of net_secret if no TCP
connections are opened. From Eric Dumazet.
15) Cinterion PLXX product ID in qmi_wwan driver is wrong, from
Aleksander Morgado.
16) skb_cow_head() can change skb->data and thus packet header pointers,
don't use stale ip_hdr reference in ip_tunnel code.
17) Backend state transition handling fixes in xen-netback, from Paul
Durrant.
18) Packet offset for AH protocol is handled wrong in flow dissector,
from Eric Dumazet.
19) Taking down an fq packet scheduler instance can leave stale packets
in the queues, fix from Eric Dumazet.
20) Fix performance regressions introduced by TCP Small Queues. From
Eric Dumazet.
21) IPV6 GRE tunneling code calculates max_headroom incorrectly, from
Hannes Frederic Sowa.
22) Multicast timer handlers in ipv4 and ipv6 can be the last and final
reference to the ipv4/ipv6 specific network device state, so use the
reference put that will check and release the object if the
reference hits zero. From Salam Noureddine.
23) Fix memory corruption in ip_tunnel driver, and use skb_push()
instead of __skb_push() so that similar bugs are less hard to find.
From Steffen Klassert.
24) Add forgotten hookup of rtnl_ops in SIT and ip6tnl drivers, from
Nicolas Dichtel.
25) fq scheduler doesn't accurately rate limit in certain circumstances,
from Eric Dumazet.

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (103 commits)
pkt_sched: fq: rate limiting improvements
ip6tnl: allow to use rtnl ops on fb tunnel
sit: allow to use rtnl ops on fb tunnel
ip_tunnel: Remove double unregister of the fallback device
ip_tunnel_core: Change __skb_push back to skb_push
ip_tunnel: Add fallback tunnels to the hash lists
ip_tunnel: Fix a memory corruption in ip_tunnel_xmit
qlcnic: Fix SR-IOV configuration
ll_temac: Reset dma descriptors indexes on ndo_open
skbuff: size of hole is wrong in a comment
ipv6 mcast: use in6_dev_put in timer handlers instead of __in6_dev_put
ipv4 igmp: use in_dev_put in timer handlers instead of __in_dev_put
ethernet: moxa: fix incorrect placement of __initdata tag
ipv6: gre: correct calculation of max_headroom
powerpc/83xx: gianfar_ptp: select 1588 clock source through dts file
Revert "powerpc/83xx: gianfar_ptp: select 1588 clock source through dts file"
bonding: Fix broken promiscuity reference counting issue
tcp: TSQ can use a dynamic limit
dm9601: fix IFF_ALLMULTI handling
pkt_sched: fq: qdisc dismantle fixes
...
01 Oct, 2013
4 commits
-
Currently IEEE 1588 timer reference clock source is determined through
hard-coded value in gianfar_ptp driver. This patch allows to select ptp
clock source by means of device tree file node.

For instance:
fsl,cksel = ;
for using external (TSEC_TMR_CLK input) high precision timer
reference clock.

Other acceptable values:
: eTSEC system clock
: eTSEC1 transmit clock
: RTC clock input

When this attribute isn't used, eTSEC system clock will serve as
IEEE 1588 timer reference clock.

Signed-off-by: Aida Mynzhasova
Acked-by: Kumar Gala
Signed-off-by: David S. Miller
-
This reverts commit 894116bd0e9b7749a0c4b6c62dec13c2a0ccef68.
I applied the wrong version of this patch, correct
version coming up.

Signed-off-by: David S. Miller
-
Recently commit bab55417b10c ("block: support embedded device command
line partition") introduced CONFIG_CMDLINE_PARSER. However, that name
is too generic and sounds like it enables/disables generic kernel boot
arg processing, when it really is block specific.

Before this option becomes a part of a full/final release, add the BLK_
prefix to it so that it is clear in absence of any other context that it
is block specific.

In addition, fix up the following less critical items:
- help text was not really at all helpful.
- index file for Documentation was not updated
- add the new arg to Documentation/kernel-parameters.txt
- clarify wording in source comments

Signed-off-by: Paul Gortmaker
Cc: Jens Axboe
Cc: Cai Zhiyong
Cc: Wei Yongjun
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
-
Han Pingtian found a typo in Documentation/kernel-parameters.txt about
"kernelcore=", that "kernelcore" should be replaced with "Movable" here.

Signed-off-by: Weiping Pan
Acked-by: Mel Gorman
Cc: Randy Dunlap
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds