This adds the ability audit the actions of a not-yet-running process.

This patch implements the ability to filter on the executable path.  Instead of
just hard coding the ino and dev of the executable we care about at the moment
the rule is inserted into the kernel, use the new audit_fsnotify
infrastructure to manage this dynamically.  This means that if the filename
does not yet exist but the containing directory does, or if the inode in
question is unlinked and creat'd (aka updated) the rule will just continue to
work.  If the containing directory is moved or deleted or the filesystem is
unmounted, the rule is deleted automatically.  A future enhancement would be to
have the rule survive across directory disruptions.

This is a heavily modified version of a patch originally submitted by Eric
Paris with some ideas from Peter Moody.

Cc: Peter Moody <peter@hda3.com>
Cc: Eric Paris <eparis@redhat.com>
Signed-off-by: NRichard Guy Briggs <rgb@redhat.com>
[PM: minor whitespace clean to satisfy ./scripts/checkpatch]
Signed-off-by: NPaul Moore <pmoore@redhat.com>

This is to be used to audit by executable path rules, but audit watches should
be able to share this code eventually.

At the moment the audit watch code is a lot more complex.  That code only
creates one fsnotify watch per parent directory.  That 'audit_parent' in
turn has a list of 'audit_watches' which contain the name, ino, dev of
the specific object we care about.  This just creates one fsnotify watch
per object we care about.  So if you watch 100 inodes in /etc this code
will create 100 fsnotify watches on /etc.  The audit_watch code will
instead create 1 fsnotify watch on /etc (the audit_parent) and then 100
individual watches chained from that fsnotify mark.

We should be able to convert the audit_watch code to do one fsnotify
mark per watch and simplify things/remove a whole lot of code.  After
that conversion we should be able to convert the audit_fsnotify code to
support that hierarchy if the optimization is necessary.

Move the access to the entry for audit_match_signal() to the beginning of
the audit_del_rule() function in case the entry found is the same one passed
in.  This will enable it to be used by audit_autoremove_mark_rule(),
kill_rules() and audit_remove_parent_watches().

This is a heavily modified and merged version of two patches originally
submitted by Eric Paris.

Cc: Peter Moody <peter@hda3.com>
Cc: Eric Paris <eparis@redhat.com>
Signed-off-by: NRichard Guy Briggs <rgb@redhat.com>
[PM: added a space after a declaration to keep ./scripts/checkpatch happy]
Signed-off-by: NPaul Moore <pmoore@redhat.com>

Clean up a number of places were casted magic numbers are used to represent
unset inode and device numbers in preparation for the audit by executable path
patch set.
Signed-off-by: NRichard Guy Briggs <rgb@redhat.com>
[PM: enclosed the _UNSET macros in parentheses for ./scripts/checkpatch]
Signed-off-by: NPaul Moore <pmoore@redhat.com>

Move the access to the entry for audit_match_signal() to earlier in the
function in case the entry found is the same one passed in.  This will enable
it to be used by audit_remove_mark_rule().
Signed-off-by: NRichard Guy Briggs <rgb@redhat.com>
[PM: tweaked subject line as it no longer made sense after multiple revs]
Signed-off-by: NPaul Moore <pmoore@redhat.com>

As reported by the 0-Day testing service:

   kernel/auditfilter.c: In function 'audit_rule_change':
>> kernel/auditfilter.c:864:6: warning: 'err' may be used uninit...
     int err;

Cc: Richard Guy Briggs <rgb@redhat.com>
Signed-off-by: NPaul Moore <pmoore@redhat.com>

The audit watch parent count was imbalanced, adding an unnecessary layer of
watch parent references.  Decrement the additional parent reference when a
watch is reused, already having a reference to the parent.

audit_find_parent() gets a reference to the parent, if the parent is
already known.  This additional parental reference is not needed if the
watch is subsequently found by audit_add_to_parent(), and consumed if
the watch does not already exist, so we need to put the parent if the
watch is found, and do nothing if this new watch is added to the parent.

If the parent wasn't already known, it is created with a refcount of 1
and added to the audit_watch_group, then incremented by one to be
subsequently consumed by the newly created watch in
audit_add_to_parent().

The rule points to the watch, not to the parent, so the rule's refcount
gets bumped, not the parent's.

See LKML, 2015-07-16
Signed-off-by: NRichard Guy Briggs <rgb@redhat.com>
Signed-off-by: NPaul Moore <pmoore@redhat.com>

The audit watch count was imbalanced, adding an unnecessary layer of watch
references.  Only add the second reference when it is added to a parent.
Signed-off-by: NRichard Guy Briggs <rgb@redhat.com>
Signed-off-by: NPaul Moore <pmoore@redhat.com>

strnlen_user() returns 0 when it hits fault, not -1. Fix the test in
audit_log_single_execve_arg(). Luckily this shouldn't ever happen unless
there's a kernel bug so it's mostly a cosmetic fix.

CC: Paul Moore <pmoore@redhat.com>
Signed-off-by: NJan Kara <jack@suse.cz>
Signed-off-by: NPaul Moore <pmoore@redhat.com>

Signed-off-by: NMikhail Klementyev <jollheef@riseup.net>
[PM: patch applied by hand due to HTML mangling, rewrote subject line]
Signed-off-by: NPaul Moore <pmoore@redhat.com>

Signed-off-by: NShailendra Verma <shailendra.capricorn@gmail.com>
[PM: tweaked subject line]
Signed-off-by: NPaul Moore <pmoore@redhat.com>

The LSM_AUDIT_DATA_TASK pid= and comm= labels are duplicates of those at the
start of this function with different values.  Rename them to their object
counterparts opid= and ocomm= to disambiguate.
Signed-off-by: NRichard Guy Briggs <rgb@redhat.com>
[PM: minor merging needed due to differences in the tree]
Signed-off-by: NPaul Moore <pmoore@redhat.com>

Pull vfs and fs fixes from Al Viro:
 "Several AIO and OCFS2 fixes"

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
  ocfs2: _really_ sync the right range
  ocfs2_file_write_iter: keep return value and current position update in sync
  [regression] ocfs2: do *not* increment ->ki_pos twice
  ioctx_alloc(): fix vma (and file) leak on failure
  fix mremap() vs. ioctx_kill() race

Pull last minute thermal-SoC management fixes from Eduardo Valentin:
 "Specifics:

   - Minor fixes on ST and RCAR thermal drivers.
   - Avoid flooding kernel log when driver returns -EAGAIN.

  Note: I am sending this pull on Rui's behalf while he fixes issues in
  his Linux box"

* 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/evalenti/linux-soc-thermal:
  drivers: thermal: st: remove several sparse warnings
  thermal: constify of_device_id array
  thermal: Do not log an error if thermal_zone_get_temp returns -EAGAIN
  thermal: rcar: Fix typo in r8a73a4 SoC name

Pull last-minute ASoC fix from Mark Brown:
 "This patch backs out a change that came in during the merge window
  which selects a configuration for GPIO4 on pcm512x CODECs that may not
  be suitable for all systems using the device.  Changes for v4.1 will
  make this properly configurable but for now it's safest to revert to
  the v3.19 behaviour and leave the pin configuration alone.

  Sorry for sending this direct at the last minute but due to the GPIO
  misuse it'd be really good to get it in the release and I'd not
  realised it hadn't been sent yet - between some travel, a job change
  and other non-urgent fixes coming in I'd lost track of the urgency.

  It's been in -next for several weeks now, is isolated to the driver
  and fairly clear to inspection"

* tag 'asoc-fix-v4.0-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound:
  ASoC: pcm512x: Remove hardcoding of pll-lock to GPIO4

Currently GPIO4 is hardcoded to output the pll-lock signal.
Unfortunately this is after the pll-out GPIO is configured which
is selectable in the device tree. Therefore it is not possible to
use GPIO4 for pll-out. Therefore this patch removes the
configuration of GPIO4.
Signed-off-by: NHoward Mitchell <hm@hmbedded.co.uk>
Signed-off-by: NMark Brown <broonie@kernel.org>

This reverts commit ecc19d17.

It added a new warning to try to encourage driver writers to set the
device capabities properly, but drivers haven't been updated and in the
meantime it just generaters a scary message that users cannot actually
do anything about.

Warnings like these are appropriate if you actually expect to fix the
code that causes them.  They are not appropriate for releases.
Requested-by: NPeter Hurley <peter@hurleysoftware.com>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

Jan Engelhardt reports a strange oops with an invalid ->sense_buffer
pointer in scsi_init_cmd_errh() with the blk-mq code.

The sense_buffer pointer should have been initialized by the call to
scsi_init_request() from blk_mq_init_rq_map(), but there seems to be
some non-repeatable memory corruptor.

This patch makes sure we initialize the whole struct request allocation
(and the associated 'struct scsi_cmnd' for the SCSI case) to zero, by
using __GFP_ZERO in the allocation.  The old code initialized a couple
of individual fields, leaving the rest undefined (although many of them
are then initialized in later phases, like blk_mq_rq_ctx_init() etc.

It's not entirely clear why this matters, but it's the rigth thing to do
regardless, and with 4.0 imminent this is the defensive "let's just make
sure everything is initialized properly" patch.
Tested-by: NJan Engelhardt <jengelh@inai.de>
Acked-by: NJens Axboe <axboe@kernel.dk>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>

Pull dmaengine fix from Vinod Koul:
 "I have one more fix to fix the boot warning on cppi driver due to
  missing capabilities"

* 'fixes' of git://git.infradead.org/users/vkoul/slave-dma:
  dmaengine: cppi41: add missing bitfields

Pull late ipmi fixes from Corey Minyard:
 "Some annoying issues in the IPMI driver that would be good to have
  fixed before 4.0 is released.

  These got reported or discovered late, but they will avoid some
  situations that would cause lots of log spam and in one case a
  deadlock"

* tag 'for-linus-4.0-1' of git://git.code.sf.net/p/openipmi/linux-ipmi:
  ipmi_ssif: Use interruptible completion for waiting in the thread
  ipmi/powernv: Fix minor locking bug
  ipmi: Handle BMCs that don't allow clearing the rcv irq bit

Add missing directions, residue_granularity,
srd_addr_widths and dst_addr_widths bitfields.

Without those we will see a kernel WARN()
when loading musb on am335x devices.
Signed-off-by: NFelipe Balbi <balbi@ti.com>
Signed-off-by: NVinod Koul <vinod.koul@intel.com>

The code was using an normal completion, but that caused stuck
task errors after a while.  Use an interruptible one to avoid that.
Signed-off-by: NCorey Minyard <cminyard@mvista.com>

If ipmi_powernv_recv(...) is called without a current message it
prints a warning and returns. However it fails to release the message
lock causing the system to dead lock during any subsequent IPMI
operations.

This error path should never normally be taken unless there are bugs
elsewhere in the system.
Signed-off-by: NAlistair Popple <alistair@popple.id.au>
Signed-off-by: NCorey Minyard <cminyard@mvista.com>

Some BMCs don't let you clear the receive irq bit in the global
enables.  This is kind of silly, but they give an error if you
try to clear it.  Compensate for this by detecting the situation
and working around it.
Signed-off-by: NCorey Minyard <cminyard@mvista.com>
Tested-by: NThomas D <whissi@whissi.de>
Reviewed-by: NThomas D <whissi@whissi.de>

Pull SCSI fixes from James Bottomley:
 "This is our remaining set of three fixes for 4.0: two oops fixes(one
  for cable pulls triggering oopses and the other be2iscsi specific) and
  one warn on in sysfs on multipath devices using enclosures"

* tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
  Defer processing of REQ_PREEMPT requests for blocked devices
  be2iscsi: Fix kernel panic when device initialization fails
  enclosure: fix WARN_ON removing an adapter in multi-path devices

Pull SCSI target fixes from Nicholas Bellinger:
 "Just a few small fixes:

  Two from Andy, the first addresses a v4.0 target specific regression
  to a user visible configfs attribute, and the second adds a set of
  missing brackets around IPv6 discovery portal information within
  iscsi-target.

  And one from Mike that fixes an OOPs regression in traditional
  iscsi-target when an iovec allocation fails, that has been present
  since v3.10.y code.  (CC'd to stable)"

* git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending:
  iscsi target: fix oops when adding reject pdu
  iscsi-target: TargetAddress in SendTargets should bracket ipv6 addresses
  target: Allow userspace to write 1 to attrib/emulate_fua_write

This fixes a oops due to a double list add when adding a reject PDU for
iscsit_allocate_iovecs allocation failures. The cmd has already been
added to the conn_cmd_list in iscsit_setup_scsi_cmd, so this has us call
iscsit_reject_cmd.

Note that for ERL0 the reject PDU is not actually sent, so this patch
is not completely tested. Just verified we do not oops. The problem is the
add reject functions return -1 which is returned all the way up to
iscsi_target_rx_thread which for ERL0 will drop the connection.
Signed-off-by: NMike Christie <michaelc@cs.wisc.edu>
Cc: <stable@vger.kernel.org> # v3.10+
Signed-off-by: NNicholas Bellinger <nab@linux-iscsi.org>

Pull sound fixes from Takashi Iwai:
 "Here are fixes gathered for 4.0-final; one FireFire endian fix, two
  USB-audio quirks, and three HD-audio quirks.

  All relatively small and device-specific fixes, should be pretty safe
  to apply"

* tag 'sound-4.0' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
  ALSA: usb - Creative USB X-Fi Pro SB1095 volume knob support
  ALSA: hda - Fix headphone pin config for Lifebook T731
  ALSA: bebob: fix to processing in big-endian machine for sending cue
  ALSA: hda/realtek - Make more stable to get pin sense for ALC283
  ALSA: usb-audio: don't try to get Benchmark DAC1 sample rate
  ALSA: hda/realtek - Support Dell headset mode for ALC256

Pull arch/nios2 fixes from Ley Foon Tan:
 "There are 3 arch/nios2 fixes for 4.0 final:

   - fix cache coherency issue when debugging with gdb

   - move restart_block to struct task_struct (aligned with other
     architectures)

   - fix for missing registers defines for ptrace"

* tag 'nios2-fixes-v4.0-final' of git://git.rocketboards.org/linux-socfpga-next:
  nios2: fix cache coherency issue when debug with gdb
  nios2: add missing ptrace registers defines
  nios2: signal: Move restart_block to struct task_struct

Remove the end address checking for flushda function. We need to flush
each address line for flushda instruction, from start to end address.
This is because flushda instruction only flush the cache if tag and line
fields are matched.

Change to use ldwio instruction (bypass cache) to load the instruction
that causing trap. Our interest is the actual instruction that executed
by the processor, this should be uncached.
Note, EA address might be an userspace cached address.
Signed-off-by: NLey Foon Tan <lftan@altera.com>

Pull power management and ACPI fixes from Rafael Wysocki:
 "These are stable-candidate fixes of some recently reported issues in
  the cpufreq core, cpuidle core, the ACPI cpuidle driver and the
  hibernate core.

  Specifics:

   - Revert a 3.17 hibernate commit that was supposed to fix an issue
     related to e820 reserved regions, but broke resume from hibernation
     on Lenovo x230 (Rafael J Wysocki).

   - Prevent the ACPI cpuidle driver from overwriting the name and
     description of the C0 state set by the core when the list of
     C-states changes (Thomas Schlichter).

   - Remove the no longer needed state_count field from struct
     cpuidle_device which prevents the list of C-states shown by the
     sysfs interface from becoming incorrect when the current number of
     them is different from the number of C-states on boot (Bartlomiej
     Zolnierkiewicz).

   - The cpufreq core updates the policy object of the only online CPU
     during system resume to make it reflect the current hardware state,
     but it always assumes that CPU to be CPU0 which need not be the
     case, so fix the code to avoid that assumption (Viresh Kumar)"

* tag 'pm+acpi-4.0-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
  Revert "PM / hibernate: avoid unsafe pages in e820 reserved regions"
  cpuidle: ACPI: do not overwrite name and description of C0
  cpuidle: remove state_count field from struct cpuidle_device
  cpufreq: Schedule work for the first-online CPU on resume

* pm-sleep:
  Revert "PM / hibernate: avoid unsafe pages in e820 reserved regions"

* pm-cpufreq:
  cpufreq: Schedule work for the first-online CPU on resume

* pm-cpuidle:
  cpuidle: ACPI: do not overwrite name and description of C0
  cpuidle: remove state_count field from struct cpuidle_device

Pull PCI fixes from Bjorn Helgaas:
 "Here are some fixes for v4.0.  I apologize for how late they are.  We
  were hoping for some better fixes, but couldn't get them polished in
  time.  These fix:

   - a Xen domU oops with PCI passthrough devices
   - a sparc T5 boot failure
   - a STM SPEAr13xx crash (use after initdata freed)
   - a cpcihp hotplug driver thinko
   - an AER thinko that printed stack junk

  Details:

  Enumeration
    - Don't look for ACPI hotplug parameters if ACPI is disabled (Bjorn Helgaas)

  Resource management
    - Revert "sparc/PCI: Clip bridge windows to fit in upstream windows" (Bjorn Helgaas)

  AER
    - Avoid info leak in __print_tlp_header() (Rasmus Villemoes)

  PCI device hotplug
    - Add missing curly braces in cpci_configure_slot() (Dan Carpenter)

  ST Microelectronics SPEAr13xx host bridge driver
    - Drop __initdata from spear13xx_pcie_driver (Matwey V. Kornilov)

* tag 'pci-v4.0-fixes-3' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci:
  Revert "sparc/PCI: Clip bridge windows to fit in upstream windows"
  PCI: Don't look for ACPI hotplug parameters if ACPI is disabled
  PCI: cpcihp: Add missing curly braces in cpci_configure_slot()
  PCI/AER: Avoid info leak in __print_tlp_header()
  PCI: spear: Drop __initdata from spear13xx_pcie_driver

Adds an entry for Creative USB X-Fi to the rc_config array in
mixer_quirks.c to allow use of volume knob on the device.
Adds support for newer X-Fi Pro card, known as "Model No. SB1095"
with USB ID "041e:3237"
Signed-off-by: NDmitry M. Fedin <dmitry.fedin@gmail.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: NTakashi Iwai <tiwai@suse.de>

"ocfs2 syncs the wrong range" had been broken; prior to it the
code was doing the wrong thing in case of O_APPEND, all right,
but _after_ it we were syncing the wrong range in 100% cases.
*ppos, aka iocb->ki_pos is incremented prior to that point,
so we are always doing sync on the area _after_ the one we'd
written to.

Spotted by Joseph Qi <joseph.qi@huawei.com> back in January;
unfortunately, I'd missed his mail back then ;-/

Cc: stable@vger.kernel.org
Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>

These are all register available in nios2.
Signed-off-by: NLey Foon Tan <lftan@altera.com>

Pull drm fixes from Dave Airlie:
 "Final drm fixes: one core locking imbalance regression, and a bunch of
  i915 baytrail s/r fixes"

* 'drm-fixes' of git://people.freedesktop.org/~airlied/linux:
  drm: fix drm_mode_getconnector() locking imbalance regression
  drm/i915/vlv: remove wait for previous GFX clk disable request
  drm/i915/chv: Remove Wait for a previous gfx force-off
  drm/i915/vlv: save/restore the power context base reg

Pull ceph revert from Sage Weil:
 "This corrects a recent misadventure with __GFP_MEMALLOC and
  PF_MEMALLOC; it turns out it's not a good fit for RBD and we're better
  off relying on dirty page throttling"

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client:
  Revert "libceph: use memalloc flags for net IO"

Merge misc fixes from Andrew Morton:
 "Three fixes"

* emailed patches from Andrew Morton <akpm@linux-foundation.org>:
  mm: numa: disable change protection for vma(VM_HUGETLB)
  include/linux/dmapool.h: declare struct device
  mm: move zone lock to a different cache line than order-0 free page lists

Unlike most (all?) other copies from user space, kernel module loading
is almost unlimited in size.  So we do a potentially huge
"copy_from_user()" when we copy the module data from user space to the
kernel buffer, which can be a latency concern when preemption is
disabled (or voluntary).

Also, because 'copy_from_user()' clears the tail of the kernel buffer on
failures, even a *failed* copy can end up wasting a lot of time.

Normally neither of these are concerns in real life, but they do trigger
when doing stress-testing with trinity.  Running in a VM seems to add
its own overheadm causing trinity module load testing to even trigger
the watchdog.

The simple fix is to just chunk up the module loading, so that it never
tries to copy insanely big areas in one go.  That bounds the latency,
and also the amount of (unnecessarily, in this case) cleared memory for
the failure case.
Reported-by: NSasha Levin <sasha.levin@oracle.com>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>