1. 17 3月, 2014 2 次提交
    • K
      kallsyms: generalize address range checking · 78eb7159
      Kees Cook 提交于
      This refactors the address range checks to be generalized instead of
      specific to text range checks, in preparation for other range checks.
      Also extracts logic for "is the symbol absolute" into a function.
      Signed-off-by: NKees Cook <keescook@chromium.org>
      Signed-off-by: NRusty Russell <rusty@rustcorp.com.au>
      78eb7159
    • M
      module: LLVMLinux: Remove unused function warning from __param_check macro · 0283f9a5
      Mark Charlebois 提交于
      This code makes a compile time type check that is optimized away. Clang
      complains that it generates an unused function:
      
      linux/kernel/panic.c:471:1: warning: unused function '__check_panic'
            [-Wunused-function]
      core_param(panic, panic_timeout, int, 0644);
      ^
      linux/moduleparam.h:283:2: note: expanded from macro
            'core_param'
              param_check_##type(name, &(var));                               \
              ^
      <scratch space>:87:1: note: expanded from here
      param_check_int
      ^
      linux/moduleparam.h:369:34: note: expanded from macro
            'param_check_int'
      #define param_check_int(name, p) __param_check(name, p, int)
                                       ^
      linux/moduleparam.h:349:22: note: expanded from macro
            '__param_check'
              static inline type *__check_##name(void) { return(p); }
                                  ^
      <scratch space>:88:1: note: expanded from here
      __check_panic
      
      GCC won't complain for a static inline function but would if it was just
      a static function.
      
      Adding the unused attribute to the function declaration removes the warning.
      Per request from Rusty Russell it is marked as __always_unused as the code
      is meant to be optimized away.
      
      This code works for both GCC and clang.
      Signed-off-by: NMark Charlebois <charlebm@gmail.com>
      Signed-off-by: NBehan Webster <behanw@converseincode.com>
      Signed-off-by: NRusty Russell <rusty@rustcorp.com.au>
      0283f9a5
  2. 13 3月, 2014 4 次提交
    • M
      Fix: module signature vs tracepoints: add new TAINT_UNSIGNED_MODULE · 66cc69e3
      Mathieu Desnoyers 提交于
      Users have reported being unable to trace non-signed modules loaded
      within a kernel supporting module signature.
      
      This is caused by tracepoint.c:tracepoint_module_coming() refusing to
      take into account tracepoints sitting within force-loaded modules
      (TAINT_FORCED_MODULE). The reason for this check, in the first place, is
      that a force-loaded module may have a struct module incompatible with
      the layout expected by the kernel, and can thus cause a kernel crash
      upon forced load of that module on a kernel with CONFIG_TRACEPOINTS=y.
      
      Tracepoints, however, specifically accept TAINT_OOT_MODULE and
      TAINT_CRAP, since those modules do not lead to the "very likely system
      crash" issue cited above for force-loaded modules.
      
      With kernels having CONFIG_MODULE_SIG=y (signed modules), a non-signed
      module is tainted re-using the TAINT_FORCED_MODULE taint flag.
      Unfortunately, this means that Tracepoints treat that module as a
      force-loaded module, and thus silently refuse to consider any tracepoint
      within this module.
      
      Since an unsigned module does not fit within the "very likely system
      crash" category of tainting, add a new TAINT_UNSIGNED_MODULE taint flag
      to specifically address this taint behavior, and accept those modules
      within Tracepoints. We use the letter 'X' as a taint flag character for
      a module being loaded that doesn't know how to sign its name (proposed
      by Steven Rostedt).
      
      Also add the missing 'O' entry to trace event show_module_flags() list
      for the sake of completeness.
      Signed-off-by: NMathieu Desnoyers <mathieu.desnoyers@efficios.com>
      Acked-by: NSteven Rostedt <rostedt@goodmis.org>
      NAKed-by: NIngo Molnar <mingo@redhat.com>
      CC: Thomas Gleixner <tglx@linutronix.de>
      CC: David Howells <dhowells@redhat.com>
      CC: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
      Signed-off-by: NRusty Russell <rusty@rustcorp.com.au>
      66cc69e3
    • R
      module: remove MODULE_GENERIC_TABLE · cff26a51
      Rusty Russell 提交于
      MODULE_DEVICE_TABLE() calles MODULE_GENERIC_TABLE(); make it do the
      work directly.  This also removes a wart introduced in the last patch,
      where the alias is defined to be an unknown struct type "struct
      type##__##name##_device_id" instead of "struct type##_device_id" (it's
      an extern so GCC doesn't care, but it's wrong).
      
      The other user of MODULE_GENERIC_TABLE (ISAPNP_CARD_TABLE) is unused,
      so delete it.
      Signed-off-by: NRusty Russell <rusty@rustcorp.com.au>
      cff26a51
    • T
      module: allow multiple calls to MODULE_DEVICE_TABLE() per module · 21bdd17b
      Tom Gundersen 提交于
      Commit 78551277: "Input: i8042 - add PNP modaliases" had a bug, where the
      second call to MODULE_DEVICE_TABLE() overrode the first resulting in not all
      the modaliases being exposed.
      
      This fixes the problem by including the name of the device_id table in the
      __mod_*_device_table alias, allowing us to export several device_id tables
      per module.
      Suggested-by: NKay Sievers <kay@vrfy.org>
      Acked-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      Cc: Dmitry Torokhov <dmitry.torokhov@gmail.com>
      Signed-off-by: NTom Gundersen <teg@jklm.no>
      Signed-off-by: NRusty Russell <rusty@rustcorp.com.au>
      21bdd17b
    • J
      module: use pr_cont · 27bba4d6
      Jiri Slaby 提交于
      When dumping loaded modules, we print them one by one in separate
      printks. Let's use pr_cont as they are continuation prints.
      Signed-off-by: NJiri Slaby <jslaby@suse.cz>
      Cc: Rusty Russell <rusty@rustcorp.com.au>
      Signed-off-by: NRusty Russell <rusty@rustcorp.com.au>
      27bba4d6
  3. 12 3月, 2014 3 次提交
  4. 11 3月, 2014 12 次提交
  5. 10 3月, 2014 15 次提交
    • A
      get rid of fget_light() · bd2a31d5
      Al Viro 提交于
      instead of returning the flags by reference, we can just have the
      low-level primitive return those in lower bits of unsigned long,
      with struct file * derived from the rest.
      Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
      bd2a31d5
    • A
      00e188ef
    • L
      vfs: atomic f_pos accesses as per POSIX · 9c225f26
      Linus Torvalds 提交于
      Our write() system call has always been atomic in the sense that you get
      the expected thread-safe contiguous write, but we haven't actually
      guaranteed that concurrent writes are serialized wrt f_pos accesses, so
      threads (or processes) that share a file descriptor and use "write()"
      concurrently would quite likely overwrite each others data.
      
      This violates POSIX.1-2008/SUSv4 Section XSI 2.9.7 that says:
      
       "2.9.7 Thread Interactions with Regular File Operations
      
        All of the following functions shall be atomic with respect to each
        other in the effects specified in POSIX.1-2008 when they operate on
        regular files or symbolic links: [...]"
      
      and one of the effects is the file position update.
      
      This unprotected file position behavior is not new behavior, and nobody
      has ever cared.  Until now.  Yongzhi Pan reported unexpected behavior to
      Michael Kerrisk that was due to this.
      
      This resolves the issue with a f_pos-specific lock that is taken by
      read/write/lseek on file descriptors that may be shared across threads
      or processes.
      Reported-by: NYongzhi Pan <panyongzhi@gmail.com>
      Reported-by: NMichael Kerrisk <mtk.manpages@gmail.com>
      Cc: Al Viro <viro@zeniv.linux.org.uk>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
      9c225f26
    • A
      ocfs2 syncs the wrong range... · 1b56e989
      Al Viro 提交于
      Cc: stable@vger.kernel.org
      Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk>
      1b56e989
    • T
      libata: use wider match for blacklisting Crucial M500 · 83493d7e
      Tejun Heo 提交于
      We're now blacklisting "Crucial_CT???M500SSD1" and
      "Crucial_CT???M500SSD3".  Also, "Micron_M500*" is blacklisted which is
      about the same devices as the crucial branded ones.  Let's merge the
      two Crucial M500 entries and widen the match to
      "Crucial_CT???M500SSD*" so that we don't have to fiddle with new
      entries for similar devices.
      Signed-off-by: NTejun Heo <tj@kernel.org>
      Suggested-by: NLinus Torvalds <torvalds@linux-foundation.org>
      Cc: stable@vger.kernel.org
      83493d7e
    • L
      Linux 3.14-rc6 · fa389e22
      Linus Torvalds 提交于
      fa389e22
    • L
      Merge tag 'fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc · 79e61542
      Linus Torvalds 提交于
      Pull ARM SoC fixes from from Olof Johansson:
       "A collection of fixes for ARM platforms.  A little large due to us
        missing to do one last week, but there's nothing in particular here
        that is in itself large and scary.
      
        Mostly a handful of smaller fixes all over the place.  The majority is
        made up of fixes for OMAP, but there are a few for others as well.  In
        particular, there was a decision to rename a binding for the Broadcom
        pinctrl block that we need to go in before the final release since we
        then treat it as ABI"
      
      * tag 'fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc:
        ARM: dts: omap3-gta04: Add ti,omap36xx to compatible property to avoid problems with booting
        ARM: tegra: add LED options back into tegra_defconfig
        ARM: dts: omap3-igep: fix boot fail due wrong compatible match
        ARM: OMAP3: Fix pinctrl interrupts for core2
        pinctrl: Rename Broadcom Capri pinctrl binding
        pinctrl: refer to updated dt binding string.
        Update dtsi with new pinctrl compatible string
        ARM: OMAP: Kill warning in CPUIDLE code with !CONFIG_SMP
        ARM: OMAP2+: Add support for thumb mode on DT booted N900
        ARM: OMAP2+: clock: fix clkoutx2 with CLK_SET_RATE_PARENT
        ARM: OMAP4: hwmod: Fix SOFTRESET logic for OMAP4
        ARM: DRA7: hwmod data: correct the sysc data for spinlock
        ARM: OMAP5: PRM: Fix reboot handling
        ARM: sunxi: dt: Change the touchscreen compatibles
        ARM: sun7i: dt: Fix interrupt trigger types
      79e61542
    • L
      Merge tag 'nfs-for-3.14-5' of git://git.linux-nfs.org/projects/trondmy/linux-nfs · fe9ea91c
      Linus Torvalds 提交于
      Pull NFS client bugfixes from Trond Myklebust:
       "Highlights include:
      
         - Fix another nfs4_sequence corruptor in RELEASE_LOCKOWNER
         - Fix an Oopsable delegation callback race
         - Fix another bad stateid infinite loop
         - Fail the data server I/O is the stateid represents a lost lock
         - Fix an Oopsable sunrpc trace event"
      
      * tag 'nfs-for-3.14-5' of git://git.linux-nfs.org/projects/trondmy/linux-nfs:
        SUNRPC: Fix oops when trace sunrpc_task events in nfs client
        NFSv4: Fail the truncate() if the lock/open stateid is invalid
        NFSv4.1 Fail data server I/O if stateid represents a lost lock
        NFSv4: Fix the return value of nfs4_select_rw_stateid
        NFSv4: nfs4_stateid_is_current should return 'true' for an invalid stateid
        NFS: Fix a delegation callback race
        NFSv4: Fix another nfs4_sequence corruptor
      fe9ea91c
    • L
      Merge tag 'usb-3.14-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb · cf8bf7cd
      Linus Torvalds 提交于
      Pull USB fixes from Greg KH:
       "Here are 4 USB fixes for your current tree.
      
        Two of them are reverts to hopefully resolve the nasty XHCI
        regressions we have been having on some types of devices.  The other
        two are quirks for some Logitech video devices"
      
      * tag 'usb-3.14-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb:
        Revert "USBNET: ax88179_178a: enable tso if usb host supports sg dma"
        Revert "xhci 1.0: Limit arbitrarily-aligned scatter gather."
        usb: Make DELAY_INIT quirk wait 100ms between Get Configuration requests
        usb: Add device quirk for Logitech HD Pro Webcams C920 and C930e
      cf8bf7cd
    • L
      Merge tag 'staging-3.15-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging · a491ce72
      Linus Torvalds 提交于
      Pull staging driver tree fix from Greg KH:
       "Here is a single staging driver fix for your tree.
      
        It resolves an issue with arbritary writes to memory if a specific
        driver is loaded"
      
      * tag 'staging-3.15-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging:
        staging/cxt1e1/linux.c: Correct arbitrary memory write in c4_ioctl()
      a491ce72
    • D
      KEYS: Make the keyring cycle detector ignore other keyrings of the same name · 979e0d74
      David Howells 提交于
      This fixes CVE-2014-0102.
      
      The following command sequence produces an oops:
      
      	keyctl new_session
      	i=`keyctl newring _ses @s`
      	keyctl link @s $i
      
      The problem is that search_nested_keyrings() sees two keyrings that have
      matching type and description, so keyring_compare_object() returns true.
      s_n_k() then passes the key to the iterator function -
      keyring_detect_cycle_iterator() - which *should* check to see whether this is
      the keyring of interest, not just one with the same name.
      
      Because assoc_array_find() will return one and only one match, I assumed that
      the iterator function would only see an exact match or never be called - but
      the iterator isn't only called from assoc_array_find()...
      
      The oops looks something like this:
      
      	kernel BUG at /data/fs/linux-2.6-fscache/security/keys/keyring.c:1003!
      	invalid opcode: 0000 [#1] SMP
      	...
      	RIP: keyring_detect_cycle_iterator+0xe/0x1f
      	...
      	Call Trace:
      	  search_nested_keyrings+0x76/0x2aa
      	  __key_link_check_live_key+0x50/0x5f
      	  key_link+0x4e/0x85
      	  keyctl_keyring_link+0x60/0x81
      	  SyS_keyctl+0x65/0xe4
      	  tracesys+0xdd/0xe2
      
      The fix is to make keyring_detect_cycle_iterator() check that the key it
      has is the key it was actually looking for rather than calling BUG_ON().
      
      A testcase has been included in the keyutils testsuite for this:
      
      	http://git.kernel.org/cgit/linux/kernel/git/dhowells/keyutils.git/commit/?id=891f3365d07f1996778ade0e3428f01878a1790bReported-by: NTommi Rantala <tt.rantala@gmail.com>
      Signed-off-by: NDavid Howells <dhowells@redhat.com>
      Acked-by: NJames Morris <james.l.morris@oracle.com>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      979e0d74
    • L
      Merge branch 'for-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/rzhang/linux · 1dc3217d
      Linus Torvalds 提交于
      Pull thermal fixes from Zhang Rui:
       "Specifics:
      
         - Update the help text of INT3403 Thermal driver, which was not
           friendly to users.  From Zhang Rui.
      
         - The "type" sysfs attribute of x86_pkg_temp_thermal registered
           thermal zones includes an instance number, which makes the
           thermal-to-hwmon bridge fails to group them all in a single hwmon
           device.  Fixed by Jean Delvare.
      
         - The hwmon device registered by x86_pkg_temp_thermal driver is
           redundant because the temperature value reported by
           x86_pkg_temp_thermal is already reported by the coretemp driver.
           Fixed by Jean Delvare.
      
         - Fix a problem that the cooling device can not be updated properly
           if it is initialized at max cooling state.  From Ni Wade.
      
         - Fix a problem that OF registered thermal zones are running without
           thermal governors.  From Zhang Rui.
      
         - Commit beeb5a1e ("thermal: rcar-thermal: Enable driver
           compilation with COMPILE_TEST") broke build on archs wihout io
           memory.  Thus make it depend on HAS_IOMEM to bypass build failures.
           Fixed by Richard Weinberger"
      
      * 'for-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/rzhang/linux:
        Thermal: thermal zone governor fix
        Thermal: Allow first update of cooling device state
        thermal,rcar_thermal: Add dependency on HAS_IOMEM
        x86_pkg_temp_thermal: Fix the thermal zone type
        x86_pkg_temp_thermal: Do not expose as a hwmon device
        Thermal: update INT3404 thermal driver help text
      1dc3217d
    • L
      Merge tag 'spi-v3.14-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi · 4aa41ba7
      Linus Torvalds 提交于
      Pull spi fixes from Mark Brown:
       "A scattering of driver specific fixes here.
      
        The fixes from Axel cover bitrot in apparently unmaintained drivers,
        the at79 bug is fixing a glitch on /CS during initialisation of some
        devices which could break some slaves and the remainder are fixes for
        recently introduced bugs from the past release cycle or so"
      
      * tag 'spi-v3.14-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi:
        spi: atmel: add missing spi_master_{resume,suspend} calls to PM callbacks
        spi: coldfire-qspi: Fix getting correct address for *mcfqspi
        spi: fsl-dspi: Fix getting correct address for master
        spi: spi-ath79: fix initial GPIO CS line setup
        spi: spi-imx: spi_imx_remove: do not disable disabled clocks
        spi-topcliff-pch: Fix probing when DMA mode is used
        spi/topcliff-pch: Fix DMA channel
      4aa41ba7
    • L
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending · 66a523db
      Linus Torvalds 提交于
      Pull SCSI target fixes from Nicholas Bellinger:
       "This series addresses a number of outstanding issues wrt to active I/O
        shutdown using iser-target.  This includes:
      
         - Fix a long standing tpg_state bug where a tpg could be referenced
           during explicit shutdown (v3.1+ stable)
         - Use list_del_init for iscsi_cmd->i_conn_node so list_empty checks
           work as expected (v3.10+ stable)
         - Fix a isert_conn->state related hung task bug + ensure outstanding
           I/O completes during session shutdown.  (v3.10+ stable)
         - Fix isert_conn->post_send_buf_count accounting for RDMA READ/WRITEs
           (v3.10+ stable)
         - Ignore FRWR completions during active I/O shutdown (v3.12+ stable)
         - Fix command leakage for interrupt coalescing during active I/O
           shutdown (v3.13+ stable)
      
        Also included is another DIF emulation fix from Sagi specific to
        v3.14-rc code"
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending:
        Target/sbc: Fix sbc_copy_prot for offset scatters
        iser-target: Fix command leak for tx_desc->comp_llnode_batch
        iser-target: Ignore completions for FRWRs in isert_cq_tx_work
        iser-target: Fix post_send_buf_count for RDMA READ/WRITE
        iscsi/iser-target: Fix isert_conn->state hung shutdown issues
        iscsi/iser-target: Use list_del_init for ->i_conn_node
        iscsi-target: Fix iscsit_get_tpg_from_np tpg_state bug
      66a523db
    • R
      Revert "ACPI / sleep: pm_power_off needs more sanity checks to be installed" · 4c7b7040
      Rafael J. Wysocki 提交于
      Revert commit 3130497f ("ACPI / sleep: pm_power_off needs more
      sanity checks to be installed") that breaks power ACPI power off on a
      lot of systems, because it checks wrong registers.
      
      Fixes: 3130497f ("ACPI / sleep: pm_power_off needs more sanity checks to be installed")
      Signed-off-by: NRafael J. Wysocki <rafael.j.wysocki@intel.com>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      4c7b7040
  6. 09 3月, 2014 4 次提交