1. 12 9月, 2015 5 次提交
    • M
      sctp: fix race on protocol/netns initialization · 8e2d61e0
      Marcelo Ricardo Leitner 提交于
      Consider sctp module is unloaded and is being requested because an user
      is creating a sctp socket.
      
      During initialization, sctp will add the new protocol type and then
      initialize pernet subsys:
      
              status = sctp_v4_protosw_init();
              if (status)
                      goto err_protosw_init;
      
              status = sctp_v6_protosw_init();
              if (status)
                      goto err_v6_protosw_init;
      
              status = register_pernet_subsys(&sctp_net_ops);
      
      The problem is that after those calls to sctp_v{4,6}_protosw_init(), it
      is possible for userspace to create SCTP sockets like if the module is
      already fully loaded. If that happens, one of the possible effects is
      that we will have readers for net->sctp.local_addr_list list earlier
      than expected and sctp_net_init() does not take precautions while
      dealing with that list, leading to a potential panic but not limited to
      that, as sctp_sock_init() will copy a bunch of blank/partially
      initialized values from net->sctp.
      
      The race happens like this:
      
           CPU 0                           |  CPU 1
        socket()                           |
         __sock_create                     | socket()
          inet_create                      |  __sock_create
           list_for_each_entry_rcu(        |
              answer, &inetsw[sock->type], |
              list) {                      |   inet_create
            /* no hits */                  |
           if (unlikely(err)) {            |
            ...                            |
            request_module()               |
            /* socket creation is blocked  |
             * the module is fully loaded  |
             */                            |
             sctp_init                     |
              sctp_v4_protosw_init         |
               inet_register_protosw       |
                list_add_rcu(&p->list,     |
                             last_perm);   |
                                           |  list_for_each_entry_rcu(
                                           |     answer, &inetsw[sock->type],
              sctp_v6_protosw_init         |     list) {
                                           |     /* hit, so assumes protocol
                                           |      * is already loaded
                                           |      */
                                           |  /* socket creation continues
                                           |   * before netns is initialized
                                           |   */
              register_pernet_subsys       |
      
      Simply inverting the initialization order between
      register_pernet_subsys() and sctp_v4_protosw_init() is not possible
      because register_pernet_subsys() will create a control sctp socket, so
      the protocol must be already visible by then. Deferring the socket
      creation to a work-queue is not good specially because we loose the
      ability to handle its errors.
      
      So, as suggested by Vlad, the fix is to split netns initialization in
      two moments: defaults and control socket, so that the defaults are
      already loaded by when we register the protocol, while control socket
      initialization is kept at the same moment it is today.
      
      Fixes: 4db67e80 ("sctp: Make the address lists per network namespace")
      Signed-off-by: NVlad Yasevich <vyasevich@gmail.com>
      Signed-off-by: NMarcelo Ricardo Leitner <marcelo.leitner@gmail.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      8e2d61e0
    • T
      ebpf: emit correct src_reg for conditional jumps · 19539ce7
      Tycho Andersen 提交于
      Instead of always emitting BPF_REG_X, let's emit BPF_REG_X only when the
      source actually is BPF_X. This causes programs generated by the classic
      converter to not be importable via bpf(), as the eBPF verifier checks that
      the src_reg is correct or 0. While not a problem yet, this will be a
      problem when BPF_PROG_DUMP lands, and we can potentially dump and re-import
      programs generated by the converter.
      Signed-off-by: NTycho Andersen <tycho.andersen@canonical.com>
      CC: Alexei Starovoitov <ast@kernel.org>
      CC: Daniel Borkmann <daniel@iogearbox.net>
      Acked-by: NDaniel Borkmann <daniel@iogearbox.net>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      19539ce7
    • D
      netlink, mmap: transform mmap skb into full skb on taps · 1853c949
      Daniel Borkmann 提交于
      Ken-ichirou reported that running netlink in mmap mode for receive in
      combination with nlmon will throw a NULL pointer dereference in
      __kfree_skb() on nlmon_xmit(), in my case I can also trigger an "unable
      to handle kernel paging request". The problem is the skb_clone() in
      __netlink_deliver_tap_skb() for skbs that are mmaped.
      
      I.e. the cloned skb doesn't have a destructor, whereas the mmap netlink
      skb has it pointed to netlink_skb_destructor(), set in the handler
      netlink_ring_setup_skb(). There, skb->head is being set to NULL, so
      that in such cases, __kfree_skb() doesn't perform a skb_release_data()
      via skb_release_all(), where skb->head is possibly being freed through
      kfree(head) into slab allocator, although netlink mmap skb->head points
      to the mmap buffer. Similarly, the same has to be done also for large
      netlink skbs where the data area is vmalloced. Therefore, as discussed,
      make a copy for these rather rare cases for now. This fixes the issue
      on my and Ken-ichirou's test-cases.
      
      Reference: http://thread.gmane.org/gmane.linux.network/371129
      Fixes: bcbde0d4 ("net: netlink: virtual tap device management")
      Reported-by: NKen-ichirou MATSUZAWA <chamaken@gmail.com>
      Signed-off-by: NDaniel Borkmann <daniel@iogearbox.net>
      Tested-by: NKen-ichirou MATSUZAWA <chamaken@gmail.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      1853c949
    • L
      Merge tag 'sound-fix-4.3-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound · 64d1def7
      Linus Torvalds 提交于
      Pull sound fixes from Takashi Iwai:
       "A collection of small fixes since the last update: the HD-audio quirks
        as usual with a USB-audio fix and a trivial fix for the old sparc
        driver"
      
      * tag 'sound-fix-4.3-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
        ALSA: usb-audio: Change internal PCM order
        ALSA: hda - Fix white noise on Dell M3800
        ALSA: hda - Use ALC880_FIXUP_FUJITSU for FSC Amilo M1437
        ALSA: hda - Enable headphone jack detect on old Fujitsu laptops
        ALSA: sparc: amd7930: Fix module autoload for OF platform driver
        ALSA: hda - Add some FIXUP quirks for white noise on Dell laptop.
      64d1def7
    • L
      Merge branch 'drm-fixes' of git://people.freedesktop.org/~airlied/linux · 04d78e39
      Linus Torvalds 提交于
      Pull drm fixes from Dave Airlie:
       "Just a bunch of fixes to squeeze in before -rc1:
      
         - three nouveau regression fixes
      
         - one qxl regression fix
      
         - a bunch of i915 fixes
      
        ... and some core displayport/atomic fixes"
      
      * 'drm-fixes' of git://people.freedesktop.org/~airlied/linux:
        drm/nouveau/device: enable c800 quirk for tecra w50
        drm/nouveau/clk/gt215: Unbreak engine pausing for GT21x/MCP7x
        drm/nouveau/gr/nv04: fix big endian setting on gr context
        drm/qxl: validate monitors config modes
        drm/i915: Allow DSI dual link to be configured on any pipe
        drm/i915: Don't try to use DDR DVFS on CHV when disabled in the BIOS
        drm/i915: Fix CSR MMIO address check
        drm/i915: Limit the number of loops for reading a split 64bit register
        drm/i915: Fix broken mst get_hw_state.
        drm/i915: Pass hpd_status_i915[] to intel_get_hpd_pins() in pre-g4x
        uapi/drm/i915_drm.h: fix userspace compilation.
        drm/i915: Always mark the object as dirty when used by the GPU
        drm/dp: Add dp_aux_i2c_speed_khz module param to set the assume i2c bus speed
        drm/dp: Adjust i2c-over-aux retry count based on message size and i2c bus speed
        drm/dp: Define AUX_RETRY_INTERVAL as 500 us
        drm/atomic: Fix bookkeeping with TEST_ONLY, v3.
      04d78e39
  2. 11 9月, 2015 35 次提交
    • D
      Merge branch 'linux-4.3' of git://anongit.freedesktop.org/git/nouveau/linux-2.6 into drm-next · 9fbcc7c0
      Dave Airlie 提交于
      three nouveau regression fixes.
      * 'linux-4.3' of git://anongit.freedesktop.org/git/nouveau/linux-2.6:
        drm/nouveau/device: enable c800 quirk for tecra w50
        drm/nouveau/clk/gt215: Unbreak engine pausing for GT21x/MCP7x
        drm/nouveau/gr/nv04: fix big endian setting on gr context
      9fbcc7c0
    • L
      Merge branch 'for-4.3/blkcg' of git://git.kernel.dk/linux-block · b0a1ea51
      Linus Torvalds 提交于
      Pull blk-cg updates from Jens Axboe:
       "A bit later in the cycle, but this has been in the block tree for a a
        while.  This is basically four patchsets from Tejun, that improve our
        buffered cgroup writeback.  It was dependent on the other cgroup
        changes, but they went in earlier in this cycle.
      
        Series 1 is set of 5 patches that has cgroup writeback updates:
      
         - bdi_writeback iteration fix which could lead to some wb's being
           skipped or repeated during e.g. sync under memory pressure.
      
         - Simplification of wb work wait mechanism.
      
         - Writeback tracepoints updated to report cgroup.
      
        Series 2 is is a set of updates for the CFQ cgroup writeback handling:
      
           cfq has always charged all async IOs to the root cgroup.  It didn't
           have much choice as writeback didn't know about cgroups and there
           was no way to tell who to blame for a given writeback IO.
           writeback finally grew support for cgroups and now tags each
           writeback IO with the appropriate cgroup to charge it against.
      
           This patchset updates cfq so that it follows the blkcg each bio is
           tagged with.  Async cfq_queues are now shared across cfq_group,
           which is per-cgroup, instead of per-request_queue cfq_data.  This
           makes all IOs follow the weight based IO resource distribution
           implemented by cfq.
      
           - Switched from GFP_ATOMIC to GFP_NOWAIT as suggested by Jeff.
      
           - Other misc review points addressed, acks added and rebased.
      
        Series 3 is the blkcg policy cleanup patches:
      
           This patchset contains assorted cleanups for blkcg_policy methods
           and blk[c]g_policy_data handling.
      
           - alloc/free added for blkg_policy_data.  exit dropped.
      
           - alloc/free added for blkcg_policy_data.
      
           - blk-throttle's async percpu allocation is replaced with direct
             allocation.
      
           - all methods now take blk[c]g_policy_data instead of blkcg_gq or
             blkcg.
      
        And finally, series 4 is a set of patches cleaning up the blkcg stats
        handling:
      
          blkcg's stats have always been somwhat of a mess.  This patchset
          tries to improve the situation a bit.
      
           - The following patches added to consolidate blkcg entry point and
             blkg creation.  This is in itself is an improvement and helps
             colllecting common stats on bio issue.
      
           - per-blkg stats now accounted on bio issue rather than request
             completion so that bio based and request based drivers can behave
             the same way.  The issue was spotted by Vivek.
      
           - cfq-iosched implements custom recursive stats and blk-throttle
             implements custom per-cpu stats.  This patchset make blkcg core
             support both by default.
      
           - cfq-iosched and blk-throttle keep track of the same stats
             multiple times.  Unify them"
      
      * 'for-4.3/blkcg' of git://git.kernel.dk/linux-block: (45 commits)
        blkcg: use CGROUP_WEIGHT_* scale for io.weight on the unified hierarchy
        blkcg: s/CFQ_WEIGHT_*/CFQ_WEIGHT_LEGACY_*/
        blkcg: implement interface for the unified hierarchy
        blkcg: misc preparations for unified hierarchy interface
        blkcg: separate out tg_conf_updated() from tg_set_conf()
        blkcg: move body parsing from blkg_conf_prep() to its callers
        blkcg: mark existing cftypes as legacy
        blkcg: rename subsystem name from blkio to io
        blkcg: refine error codes returned during blkcg configuration
        blkcg: remove unnecessary NULL checks from __cfqg_set_weight_device()
        blkcg: reduce stack usage of blkg_rwstat_recursive_sum()
        blkcg: remove cfqg_stats->sectors
        blkcg: move io_service_bytes and io_serviced stats into blkcg_gq
        blkcg: make blkg_[rw]stat_recursive_sum() to be able to index into blkcg_gq
        blkcg: make blkcg_[rw]stat per-cpu
        blkcg: add blkg_[rw]stat->aux_cnt and replace cfq_group->dead_stats with it
        blkcg: consolidate blkg creation in blkcg_bio_issue_check()
        blk-throttle: improve queue bypass handling
        blkcg: move root blkg lookup optimization from throtl_lookup_tg() to __blkg_lookup()
        blkcg: inline [__]blkg_lookup()
        ...
      b0a1ea51
    • B
      drm/nouveau/device: enable c800 quirk for tecra w50 · 778613e5
      Ben Skeggs 提交于
      Signed-off-by: NBen Skeggs <bskeggs@redhat.com>
      778613e5
    • R
      drm/nouveau/clk/gt215: Unbreak engine pausing for GT21x/MCP7x · c5bf4609
      Roy Spliet 提交于
      Typo that snuck in with commit 6979c630Signed-off-by: NRoy Spliet <rspliet@eclipso.eu>
      Reported-by: NPierre Moreau <pierre.morrow@free.fr>
      Signed-off-by: NBen Skeggs <bskeggs@redhat.com>
      c5bf4609
    • I
      drm/nouveau/gr/nv04: fix big endian setting on gr context · 15ee0058
      Ilia Mirkin 提交于
      Broken since "gr: convert user classes to new-style nvkm_object"
      
      Tested on a PPC64 G5 + NV34
      Signed-off-by: NIlia Mirkin <imirkin@alum.mit.edu>
      Signed-off-by: NBen Skeggs <bskeggs@redhat.com>
      15ee0058
    • L
      Merge branch 'akpm' (patches from Andrew) · 33e247c7
      Linus Torvalds 提交于
      Merge third patch-bomb from Andrew Morton:
      
       - even more of the rest of MM
      
       - lib/ updates
      
       - checkpatch updates
      
       - small changes to a few scruffy filesystems
      
       - kmod fixes/cleanups
      
       - kexec updates
      
       - a dma-mapping cleanup series from hch
      
      * emailed patches from Andrew Morton <akpm@linux-foundation.org>: (81 commits)
        dma-mapping: consolidate dma_set_mask
        dma-mapping: consolidate dma_supported
        dma-mapping: cosolidate dma_mapping_error
        dma-mapping: consolidate dma_{alloc,free}_noncoherent
        dma-mapping: consolidate dma_{alloc,free}_{attrs,coherent}
        mm: use vma_is_anonymous() in create_huge_pmd() and wp_huge_pmd()
        mm: make sure all file VMAs have ->vm_ops set
        mm, mpx: add "vm_flags_t vm_flags" arg to do_mmap_pgoff()
        mm: mark most vm_operations_struct const
        namei: fix warning while make xmldocs caused by namei.c
        ipc: convert invalid scenarios to use WARN_ON
        zlib_deflate/deftree: remove bi_reverse()
        lib/decompress_unlzma: Do a NULL check for pointer
        lib/decompressors: use real out buf size for gunzip with kernel
        fs/affs: make root lookup from blkdev logical size
        sysctl: fix int -> unsigned long assignments in INT_MIN case
        kexec: export KERNEL_IMAGE_SIZE to vmcoreinfo
        kexec: align crash_notes allocation to make it be inside one physical page
        kexec: remove unnecessary test in kimage_alloc_crash_control_pages()
        kexec: split kexec_load syscall from kexec core code
        ...
      33e247c7
    • L
      Merge tag 'armsoc-late' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc · d71fc239
      Linus Torvalds 提交于
      Pull late ARM SoC updates from Kevin Hilman:
       "This is a collection of a few late fixes and other misc stuff that had
        dependencies on things being merged from other trees.
      
        The bulk of the changes are for samsung/exynos SoCs for some changes
        that needed a few minor reworks so ended up a bit late.  The others
        are mainly for qcom SoCs: a couple fixes and some DTS updates"
      
      * tag 'armsoc-late' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc: (37 commits)
        ARM: multi_v7_defconfig: Enable PBIAS regulator
        soc: qcom: smd: Correct fBLOCKREADINTR handling
        soc: qcom: smd: Use correct remote processor ID
        soc: qcom: smem: Fix errant private access
        ARM: dts: qcom: msm8974-sony-xperia-honami: Use stdout-path
        ARM: dts: qcom: msm8960-cdp: Use stdout-path
        ARM: dts: qcom: msm8660-surf: Use stdout-path
        ARM: dts: qcom: ipq8064-ap148: Use stdout-path
        ARM: dts: qcom: apq8084-mtp: Use stdout-path
        ARM: dts: qcom: apq8084-ifc6540: Use stdout-path
        ARM: dts: qcom: apq8074-dragonboard: Use stdout-path
        ARM: dts: qcom: apq8064-ifc6410: Use stdout-path
        ARM: dts: qcom: apq8064-cm-qs600: Use stdout-path
        ARM: dts: qcom: Label serial nodes for aliasing and stdout-path
        reset: ath79: Fix missing spin_lock_init
        reset: Add (devm_)reset_control_get stub functions
        ARM: EXYNOS: switch to using generic cpufreq driver for exynos4x12
        cpufreq: exynos: Remove unselectable rule for arm-exynos-cpufreq.o
        ARM: dts: add iommu property to JPEG device for exynos4
        ARM: dts: enable SPI1 for exynos4412-odroidu3
        ...
      d71fc239
    • D
      Merge tag 'topic/drm-fixes-2015-09-09' of git://anongit.freedesktop.org/drm-intel into drm-next · d1031d57
      Dave Airlie 提交于
      bunch of drm fixes.
      
      * tag 'topic/drm-fixes-2015-09-09' of git://anongit.freedesktop.org/drm-intel:
        drm/dp: Add dp_aux_i2c_speed_khz module param to set the assume i2c bus speed
        drm/dp: Adjust i2c-over-aux retry count based on message size and i2c bus speed
        drm/dp: Define AUX_RETRY_INTERVAL as 500 us
        drm/atomic: Fix bookkeeping with TEST_ONLY, v3.
      d1031d57
    • D
      Merge tag 'drm-intel-next-fixes-2015-09-10' of... · 91b6fc02
      Dave Airlie 提交于
      Merge tag 'drm-intel-next-fixes-2015-09-10' of git://anongit.freedesktop.org/drm-intel into drm-next
      
      Fixes headed for v4.3-rc1, including Maarten's DP MST state checker fix
      you requested.
      
      * tag 'drm-intel-next-fixes-2015-09-10' of git://anongit.freedesktop.org/drm-intel:
        drm/i915: Allow DSI dual link to be configured on any pipe
        drm/i915: Don't try to use DDR DVFS on CHV when disabled in the BIOS
        drm/i915: Fix CSR MMIO address check
        drm/i915: Limit the number of loops for reading a split 64bit register
        drm/i915: Fix broken mst get_hw_state.
        drm/i915: Pass hpd_status_i915[] to intel_get_hpd_pins() in pre-g4x
        uapi/drm/i915_drm.h: fix userspace compilation.
        drm/i915: Always mark the object as dirty when used by the GPU
      91b6fc02
    • J
      drm/qxl: validate monitors config modes · bd3e1c7c
      Jonathon Jongsma 提交于
      Due to some recent changes in
      drm_helper_probe_single_connector_modes_merge_bits(), old custom modes
      were not being pruned properly. In current kernels,
      drm_mode_validate_basic() is called to sanity-check each mode in the
      list. If the sanity-check passes, the mode's status gets set to to
      MODE_OK. In older kernels this check was not done, so old custom modes
      would still have a status of MODE_UNVERIFIED at this point, and would
      therefore be pruned later in the function.
      
      As a result of this new behavior, the list of modes for a device always
      includes every custom mode ever configured for the device, with the
      largest one listed first. Since desktop environments usually choose the
      first preferred mode when a hotplug event is emitted, this had the
      result of making it very difficult for the user to reduce the size of
      the display.
      
      The qxl driver did implement the mode_valid connector function, but it
      was empty. In order to restore the old behavior where old custom modes
      are pruned, we implement a proper mode_valid function for the qxl
      driver. This function now checks each mode against the last configured
      custom mode and the list of standard modes. If the mode doesn't match
      any of these, its status is set to MODE_BAD so that it will be pruned as
      expected.
      Signed-off-by: NJonathon Jongsma <jjongsma@redhat.com>
      Cc: stable@vger.kernel.org
      Signed-off-by: NDave Airlie <airlied@redhat.com>
      bd3e1c7c
    • L
      Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm · 519f526d
      Linus Torvalds 提交于
      Pull more kvm updates from Paolo Bonzini:
       "ARM:
         - Full debug support for arm64
         - Active state switching for timer interrupts
         - Lazy FP/SIMD save/restore for arm64
         - Generic ARMv8 target
      
        PPC:
         - Book3S: A few bug fixes
         - Book3S: Allow micro-threading on POWER8
      
        x86:
         - Compiler warnings
      
        Generic:
         - Adaptive polling for guest halt"
      
      * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm: (49 commits)
        kvm: irqchip: fix memory leak
        kvm: move new trace event outside #ifdef CONFIG_KVM_ASYNC_PF
        KVM: trace kvm_halt_poll_ns grow/shrink
        KVM: dynamic halt-polling
        KVM: make halt_poll_ns per-vCPU
        Silence compiler warning in arch/x86/kvm/emulate.c
        kvm: compile process_smi_save_seg_64() only for x86_64
        KVM: x86: avoid uninitialized variable warning
        KVM: PPC: Book3S: Fix typo in top comment about locking
        KVM: PPC: Book3S: Fix size of the PSPB register
        KVM: PPC: Book3S HV: Exit on H_DOORBELL if HOST_IPI is set
        KVM: PPC: Book3S HV: Fix race in starting secondary threads
        KVM: PPC: Book3S: correct width in XER handling
        KVM: PPC: Book3S HV: Fix preempted vcore stolen time calculation
        KVM: PPC: Book3S HV: Fix preempted vcore list locking
        KVM: PPC: Book3S HV: Implement H_CLEAR_REF and H_CLEAR_MOD
        KVM: PPC: Book3S HV: Fix bug in dirty page tracking
        KVM: PPC: Book3S HV: Fix race in reading change bit when removing HPTE
        KVM: PPC: Book3S HV: Implement dynamic micro-threading on POWER8
        KVM: PPC: Book3S HV: Make use of unused threads when running guests
        ...
      519f526d
    • L
      Merge tag 'for-linus-4.3-rc0b-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip · 06ab838c
      Linus Torvalds 提交于
      Pull xen terminology fixes from David Vrabel:
       "Use the correct GFN/BFN terms more consistently"
      
      * tag 'for-linus-4.3-rc0b-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip:
        xen/xenbus: Rename the variable xen_store_mfn to xen_store_gfn
        xen/privcmd: Further s/MFN/GFN/ clean-up
        hvc/xen: Further s/MFN/GFN clean-up
        video/xen-fbfront: Further s/MFN/GFN clean-up
        xen/tmem: Use xen_page_to_gfn rather than pfn_to_gfn
        xen: Use correctly the Xen memory terminologies
        arm/xen: implement correctly pfn_to_mfn
        xen: Make clear that swiotlb and biomerge are dealing with DMA address
      06ab838c
    • L
      Merge branch 'next' of git://git.monstr.eu/linux-2.6-microblaze · 573c577a
      Linus Torvalds 提交于
      Pull microblaze update from Michal Simek.
      
      * 'next' of git://git.monstr.eu/linux-2.6-microblaze:
        elf-em.h: move EM_MICROBLAZE to the common header
      573c577a
    • L
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rkuo/linux-hexagon-kernel · 0cdf5a46
      Linus Torvalds 提交于
      Pull hexagon updates from Richard Kuo:
       "Just two fixes -- one for a uapi header and one for a timer interface"
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rkuo/linux-hexagon-kernel:
        Revert "Hexagon: fix signal.c compile error"
        hexagon/time: Migrate to new 'set-state' interface
      0cdf5a46
    • L
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net · 65c61bc5
      Linus Torvalds 提交于
      Pull networking fixes from David Miller:
      
       1) Fix out-of-bounds array access in netfilter ipset, from Jozsef
          Kadlecsik.
      
       2) Use correct free operation on netfilter conntrack templates, from
          Daniel Borkmann.
      
       3) Fix route leak in SCTP, from Marcelo Ricardo Leitner.
      
       4) Fix sizeof(pointer) in mac80211, from Thierry Reding.
      
       5) Fix cache pointer comparison in ip6mr leading to missed unlock of
          mrt_lock.  From Richard Laing.
      
       6) rds_conn_lookup() needs to consider network namespace in key
          comparison, from Sowmini Varadhan.
      
       7) Fix deadlock in TIPC code wrt broadcast link wakeups, from Kolmakov
          Dmitriy.
      
       8) Fix fd leaks in bpf syscall, from Daniel Borkmann.
      
       9) Fix error recovery when installing ipv6 multipath routes, we would
          delete the old route before we would know if we could fully commit
          to the new set of nexthops.  Fix from Roopa Prabhu.
      
      10) Fix run-time suspend problems in r8152, from Hayes Wang.
      
      11) In fec, don't program the MAC address into the chip when the clocks
          are gated off.  From Fugang Duan.
      
      12) Fix poll behavior for netlink sockets when using rx ring mmap, from
          Daniel Borkmann.
      
      13) Don't allocate memory with GFP_KERNEL from get_stats64 in r8169
          driver, from Corinna Vinschen.
      
      14) In TCP Cubic congestion control, handle idle periods better where we
          are application limited, in order to keep cwnd from growing out of
          control.  From Eric Dumzet.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (65 commits)
        tcp_cubic: better follow cubic curve after idle period
        tcp: generate CA_EVENT_TX_START on data frames
        xen-netfront: respect user provided max_queues
        xen-netback: respect user provided max_queues
        r8169: Fix sleeping function called during get_stats64, v2
        ether: add IEEE 1722 ethertype - TSN
        netlink, mmap: fix edge-case leakages in nf queue zero-copy
        netlink, mmap: don't walk rx ring on poll if receive queue non-empty
        cxgb4: changes for new firmware 1.14.4.0
        net: fec: add netif status check before set mac address
        r8152: fix the runtime suspend issues
        r8152: split DRIVER_VERSION
        ipv6: fix ifnullfree.cocci warnings
        add microchip LAN88xx phy driver
        stmmac: fix check for phydev being open
        net: qlcnic: delete redundant memsets
        net: mv643xx_eth: use kzalloc
        net: jme: use kzalloc() instead of kmalloc+memset
        net: cavium: liquidio: use kzalloc in setup_glist()
        net: ipv6: use common fib_default_rule_pref
        ...
      65c61bc5
    • C
      dma-mapping: consolidate dma_set_mask · 452e06af
      Christoph Hellwig 提交于
      Almost everyone implements dma_set_mask the same way, although some time
      that's hidden in ->set_dma_mask methods.
      
      This patch consolidates those into a common implementation that either
      calls ->set_dma_mask if present or otherwise uses the default
      implementation.  Some architectures used to only call ->set_dma_mask
      after the initial checks, and those instance have been fixed to do the
      full work.  h8300 implemented dma_set_mask bogusly as a no-ops and has
      been fixed.
      
      Unfortunately some architectures overload unrelated semantics like changing
      the dma_ops into it so we still need to allow for an architecture override
      for now.
      
      [jcmvbkbc@gmail.com: fix xtensa]
      Signed-off-by: NChristoph Hellwig <hch@lst.de>
      Cc: Arnd Bergmann <arnd@arndb.de>
      Cc: Russell King <linux@arm.linux.org.uk>
      Cc: Catalin Marinas <catalin.marinas@arm.com>
      Cc: Will Deacon <will.deacon@arm.com>
      Cc: Yoshinori Sato <ysato@users.sourceforge.jp>
      Cc: Michal Simek <monstr@monstr.eu>
      Cc: Jonas Bonn <jonas@southpole.se>
      Cc: Chris Metcalf <cmetcalf@ezchip.com>
      Cc: Guan Xuetao <gxt@mprc.pku.edu.cn>
      Cc: Ralf Baechle <ralf@linux-mips.org>
      Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
      Cc: Ingo Molnar <mingo@elte.hu>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: "H. Peter Anvin" <hpa@zytor.com>
      Cc: Andy Shevchenko <andy.shevchenko@gmail.com>
      Signed-off-by: NMax Filippov <jcmvbkbc@gmail.com>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      452e06af
    • C
      dma-mapping: consolidate dma_supported · ee196371
      Christoph Hellwig 提交于
      Most architectures just call into ->dma_supported, but some also return 1
      if the method is not present, or 0 if no dma ops are present (although
      that should never happeb). Consolidate this more broad version into
      common code.
      
      Also fix h8300 which inorrectly always returned 0, which would have been
      a problem if it's dma_set_mask implementation wasn't a similarly buggy
      noop.
      
      As a few architectures have much more elaborate implementations, we
      still allow for arch overrides.
      
      [jcmvbkbc@gmail.com: fix xtensa]
      Signed-off-by: NChristoph Hellwig <hch@lst.de>
      Cc: Arnd Bergmann <arnd@arndb.de>
      Cc: Russell King <linux@arm.linux.org.uk>
      Cc: Catalin Marinas <catalin.marinas@arm.com>
      Cc: Will Deacon <will.deacon@arm.com>
      Cc: Yoshinori Sato <ysato@users.sourceforge.jp>
      Cc: Michal Simek <monstr@monstr.eu>
      Cc: Jonas Bonn <jonas@southpole.se>
      Cc: Chris Metcalf <cmetcalf@ezchip.com>
      Cc: Guan Xuetao <gxt@mprc.pku.edu.cn>
      Cc: Ralf Baechle <ralf@linux-mips.org>
      Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
      Cc: Ingo Molnar <mingo@elte.hu>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: "H. Peter Anvin" <hpa@zytor.com>
      Cc: Andy Shevchenko <andy.shevchenko@gmail.com>
      Signed-off-by: NMax Filippov <jcmvbkbc@gmail.com>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      ee196371
    • C
      dma-mapping: cosolidate dma_mapping_error · efa21e43
      Christoph Hellwig 提交于
      Currently there are three valid implementations of dma_mapping_error:
      
       (1) call ->mapping_error
       (2) check for a hardcoded error code
       (3) always return 0
      
      This patch provides a common implementation that calls ->mapping_error
      if present, then checks for DMA_ERROR_CODE if defined or otherwise
      returns 0.
      
      [jcmvbkbc@gmail.com: fix xtensa]
      Signed-off-by: NChristoph Hellwig <hch@lst.de>
      Cc: Arnd Bergmann <arnd@arndb.de>
      Cc: Russell King <linux@arm.linux.org.uk>
      Cc: Catalin Marinas <catalin.marinas@arm.com>
      Cc: Will Deacon <will.deacon@arm.com>
      Cc: Yoshinori Sato <ysato@users.sourceforge.jp>
      Cc: Michal Simek <monstr@monstr.eu>
      Cc: Jonas Bonn <jonas@southpole.se>
      Cc: Chris Metcalf <cmetcalf@ezchip.com>
      Cc: Guan Xuetao <gxt@mprc.pku.edu.cn>
      Cc: Ralf Baechle <ralf@linux-mips.org>
      Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
      Cc: Ingo Molnar <mingo@elte.hu>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: "H. Peter Anvin" <hpa@zytor.com>
      Cc: Andy Shevchenko <andy.shevchenko@gmail.com>
      Signed-off-by: NMax Filippov <jcmvbkbc@gmail.com>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      efa21e43
    • C
      dma-mapping: consolidate dma_{alloc,free}_noncoherent · 1e893752
      Christoph Hellwig 提交于
      Most architectures do not support non-coherent allocations and either
      define dma_{alloc,free}_noncoherent to their coherent versions or stub
      them out.
      
      Openrisc uses dma_{alloc,free}_attrs to implement them, and only Mips
      implements them directly.
      
      This patch moves the Openrisc version to common code, and handles the
      DMA_ATTR_NON_CONSISTENT case in the mips dma_map_ops instance.
      
      Note that actual non-coherent allocations require a dma_cache_sync
      implementation, so if non-coherent allocations didn't work on
      an architecture before this patch they still won't work after it.
      
      [jcmvbkbc@gmail.com: fix xtensa]
      Signed-off-by: NChristoph Hellwig <hch@lst.de>
      Cc: Arnd Bergmann <arnd@arndb.de>
      Cc: Russell King <linux@arm.linux.org.uk>
      Cc: Catalin Marinas <catalin.marinas@arm.com>
      Cc: Will Deacon <will.deacon@arm.com>
      Cc: Yoshinori Sato <ysato@users.sourceforge.jp>
      Cc: Michal Simek <monstr@monstr.eu>
      Cc: Jonas Bonn <jonas@southpole.se>
      Cc: Chris Metcalf <cmetcalf@ezchip.com>
      Cc: Guan Xuetao <gxt@mprc.pku.edu.cn>
      Cc: Ralf Baechle <ralf@linux-mips.org>
      Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
      Cc: Ingo Molnar <mingo@elte.hu>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: "H. Peter Anvin" <hpa@zytor.com>
      Cc: Andy Shevchenko <andy.shevchenko@gmail.com>
      Signed-off-by: NMax Filippov <jcmvbkbc@gmail.com>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      1e893752
    • C
      dma-mapping: consolidate dma_{alloc,free}_{attrs,coherent} · 6894258e
      Christoph Hellwig 提交于
      Since 2009 we have a nice asm-generic header implementing lots of DMA API
      functions for architectures using struct dma_map_ops, but unfortunately
      it's still missing a lot of APIs that all architectures still have to
      duplicate.
      
      This series consolidates the remaining functions, although we still need
      arch opt outs for two of them as a few architectures have very
      non-standard implementations.
      
      This patch (of 5):
      
      The coherent DMA allocator works the same over all architectures supporting
      dma_map operations.
      
      This patch consolidates them and converges the minor differences:
      
       - the debug_dma helpers are now called from all architectures, including
         those that were previously missing them
       - dma_alloc_from_coherent and dma_release_from_coherent are now always
         called from the generic alloc/free routines instead of the ops
         dma-mapping-common.h always includes dma-coherent.h to get the defintions
         for them, or the stubs if the architecture doesn't support this feature
       - checks for ->alloc / ->free presence are removed.  There is only one
         magic instead of dma_map_ops without them (mic_dma_ops) and that one
         is x86 only anyway.
      
      Besides that only x86 needs special treatment to replace a default devices
      if none is passed and tweak the gfp_flags.  An optional arch hook is provided
      for that.
      
      [linux@roeck-us.net: fix build]
      [jcmvbkbc@gmail.com: fix xtensa]
      Signed-off-by: NChristoph Hellwig <hch@lst.de>
      Cc: Arnd Bergmann <arnd@arndb.de>
      Cc: Russell King <linux@arm.linux.org.uk>
      Cc: Catalin Marinas <catalin.marinas@arm.com>
      Cc: Will Deacon <will.deacon@arm.com>
      Cc: Yoshinori Sato <ysato@users.sourceforge.jp>
      Cc: Michal Simek <monstr@monstr.eu>
      Cc: Jonas Bonn <jonas@southpole.se>
      Cc: Chris Metcalf <cmetcalf@ezchip.com>
      Cc: Guan Xuetao <gxt@mprc.pku.edu.cn>
      Cc: Ralf Baechle <ralf@linux-mips.org>
      Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
      Cc: Ingo Molnar <mingo@elte.hu>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: "H. Peter Anvin" <hpa@zytor.com>
      Cc: Andy Shevchenko <andy.shevchenko@gmail.com>
      Signed-off-by: NGuenter Roeck <linux@roeck-us.net>
      Signed-off-by: NMax Filippov <jcmvbkbc@gmail.com>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      6894258e
    • K
      mm: use vma_is_anonymous() in create_huge_pmd() and wp_huge_pmd() · fb6dd5fa
      Kirill A. Shutemov 提交于
      Let's use helper rather than direct check of vma->vm_ops to distinguish
      anonymous VMA.
      Signed-off-by: NKirill A. Shutemov <kirill.shutemov@linux.intel.com>
      Reviewed-by: NOleg Nesterov <oleg@redhat.com>
      Cc: "H. Peter Anvin" <hpa@zytor.com>
      Cc: Andy Lutomirski <luto@amacapital.net>
      Cc: Dave Hansen <dave.hansen@linux.intel.com>
      Cc: Ingo Molnar <mingo@elte.hu>
      Cc: Minchan Kim <minchan@kernel.org>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      fb6dd5fa
    • K
      mm: make sure all file VMAs have ->vm_ops set · 6dc296e7
      Kirill A. Shutemov 提交于
      We rely on vma->vm_ops == NULL to detect anonymous VMA: see
      vma_is_anonymous(), but some drivers doesn't set ->vm_ops.
      
      As a result we can end up with anonymous page in private file mapping.
      That should not lead to serious misbehaviour, but nevertheless is wrong.
      
      Let's fix by setting up dummy ->vm_ops for file mmapping if f_op->mmap()
      didn't set its own.
      
      The patch also adds sanity check into __vma_link_rb(). It will help
      catch broken VMAs which inserted directly into mm_struct via
      insert_vm_struct().
      Signed-off-by: NKirill A. Shutemov <kirill.shutemov@linux.intel.com>
      Reviewed-by: NOleg Nesterov <oleg@redhat.com>
      Cc: "H. Peter Anvin" <hpa@zytor.com>
      Cc: Andy Lutomirski <luto@amacapital.net>
      Cc: Dave Hansen <dave.hansen@linux.intel.com>
      Cc: Ingo Molnar <mingo@elte.hu>
      Cc: Minchan Kim <minchan@kernel.org>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      6dc296e7
    • O
      mm, mpx: add "vm_flags_t vm_flags" arg to do_mmap_pgoff() · 1fcfd8db
      Oleg Nesterov 提交于
      Add the additional "vm_flags_t vm_flags" argument to do_mmap_pgoff(),
      rename it to do_mmap(), and re-introduce do_mmap_pgoff() as a simple
      wrapper on top of do_mmap().  Perhaps we should update the callers of
      do_mmap_pgoff() and kill it later.
      
      This way mpx_mmap() can simply call do_mmap(vm_flags => VM_MPX) and do not
      play with vm internals.
      
      After this change mmap_region() has a single user outside of mmap.c,
      arch/tile/mm/elf.c:arch_setup_additional_pages().  It would be nice to
      change arch/tile/ and unexport mmap_region().
      
      [kirill@shutemov.name: fix build]
      [akpm@linux-foundation.org: coding-style fixes]
      Signed-off-by: NOleg Nesterov <oleg@redhat.com>
      Acked-by: NDave Hansen <dave.hansen@linux.intel.com>
      Tested-by: NDave Hansen <dave.hansen@linux.intel.com>
      Signed-off-by: NKirill A. Shutemov <kirill.shutemov@linux.intel.com>
      Cc: "H. Peter Anvin" <hpa@zytor.com>
      Cc: Andy Lutomirski <luto@amacapital.net>
      Cc: Ingo Molnar <mingo@elte.hu>
      Cc: Minchan Kim <minchan@kernel.org>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      1fcfd8db
    • K
      mm: mark most vm_operations_struct const · 7cbea8dc
      Kirill A. Shutemov 提交于
      With two exceptions (drm/qxl and drm/radeon) all vm_operations_struct
      structs should be constant.
      Signed-off-by: NKirill A. Shutemov <kirill.shutemov@linux.intel.com>
      Reviewed-by: NOleg Nesterov <oleg@redhat.com>
      Cc: "H. Peter Anvin" <hpa@zytor.com>
      Cc: Andy Lutomirski <luto@amacapital.net>
      Cc: Dave Hansen <dave.hansen@linux.intel.com>
      Cc: Ingo Molnar <mingo@elte.hu>
      Cc: Minchan Kim <minchan@kernel.org>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      7cbea8dc
    • M
      namei: fix warning while make xmldocs caused by namei.c · 2a78b857
      Masanari Iida 提交于
      Fix the following warnings:
      
      Warning(.//fs/namei.c:2422): No description found for parameter 'nd'
      Warning(.//fs/namei.c:2422): Excess function parameter 'nameidata'
      description in 'path_mountpoint'
      Signed-off-by: NMasanari Iida <standby24x7@gmail.com>
      Acked-by: NRandy Dunlap <rdunlap@infradead.org>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      2a78b857
    • D
      ipc: convert invalid scenarios to use WARN_ON · d0edd852
      Davidlohr Bueso 提交于
      Considering Linus' past rants about the (ab)use of BUG in the kernel, I
      took a look at how we deal with such calls in ipc.  Given that any errors
      or corruption in ipc code are most likely contained within the set of
      processes participating in the broken mechanisms, there aren't really many
      strong fatal system failure scenarios that would require a BUG call.
      Also, if something is seriously wrong, ipc might not be the place for such
      a BUG either.
      
      1. For example, recently, a customer hit one of these BUG_ONs in shm
         after failing shm_lock().  A busted ID imho does not merit a BUG_ON,
         and WARN would have been better.
      
      2. MSG_COPY functionality of posix msgrcv(2) for checkpoint/restore.
         I don't see how we can hit this anyway -- at least it should be IS_ERR.
          The 'copy' arg from do_msgrcv is always set by calling prepare_copy()
         first and foremost.  We could also probably drop this check altogether.
          Either way, it does not merit a BUG_ON.
      
      3. No ->fault() callback for the fs getting the corresponding page --
         seems selfish to make the system unusable.
      Signed-off-by: NDavidlohr Bueso <dbueso@suse.de>
      Cc: Manfred Spraul <manfred@colorfullife.com>
      Cc: Linus Torvalds <torvalds@linux-foundation.org>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      d0edd852
    • Y
      zlib_deflate/deftree: remove bi_reverse() · 8b235f2f
      yalin wang 提交于
      Remove bi_reverse() and use generic bitrev32() instead - it should have
      better performance on some platforms.
      Signed-off-by: Nyalin wang <yalin.wang2010@gmail.com>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      8b235f2f
    • F
      lib/decompress_unlzma: Do a NULL check for pointer · e4e29dc4
      Fabio Estevam 提交于
      Compare pointer-typed values to NULL rather than 0.
      
      The semantic patch that makes this change is available
      in scripts/coccinelle/null/badzero.cocci.
      Signed-off-by: NFabio Estevam <fabio.estevam@freescale.com>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      e4e29dc4
    • Y
      lib/decompressors: use real out buf size for gunzip with kernel · 2d3862d2
      Yinghai Lu 提交于
      When loading x86 64bit kernel above 4GiB with patched grub2, got kernel
      gunzip error.
      
      | early console in decompress_kernel
      | decompress_kernel:
      |       input: [0x807f2143b4-0x807ff61aee]
      |      output: [0x807cc00000-0x807f3ea29b] 0x027ea29c: output_len
      | boot via startup_64
      | KASLR using RDTSC...
      |  new output: [0x46fe000000-0x470138cfff] 0x0338d000: output_run_size
      |  decompress: [0x46fe000000-0x47007ea29b] <=== [0x807f2143b4-0x807ff61aee]
      |
      | Decompressing Linux... gz...
      |
      | uncompression error
      |
      | -- System halted
      
      the new buffer is at 0x46fe000000ULL, decompressor_gzip is using
      0xffffffb901ffffff as out_len.  gunzip in lib/zlib_inflate/inflate.c cap
      that len to 0x01ffffff and decompress fails later.
      
      We could hit this problem with crashkernel booting that uses kexec loading
      kernel above 4GiB.
      
      We have decompress_* support:
          1. inbuf[]/outbuf[] for kernel preboot.
          2. inbuf[]/flush() for initramfs
          3. fill()/flush() for initrd.
      This bug only affect kernel preboot path that use outbuf[].
      
      Add __decompress and take real out_buf_len for gunzip instead of guessing
      wrong buf size.
      
      Fixes: 1431574a (lib/decompressors: fix "no limit" output buffer length)
      Signed-off-by: NYinghai Lu <yinghai@kernel.org>
      Cc: Alexandre Courbot <acourbot@nvidia.com>
      Cc: Jon Medhurst <tixy@linaro.org>
      Cc: Stephen Warren <swarren@wwwdotorg.org>
      Cc: "H. Peter Anvin" <hpa@zytor.com>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: Ingo Molnar <mingo@redhat.com>
      Cc: <stable@vger.kernel.org>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      2d3862d2
    • P
      fs/affs: make root lookup from blkdev logical size · e852d82a
      Pranay Kr. Srivastava 提交于
      This patch resolves https://bugzilla.kernel.org/show_bug.cgi?id=16531.
      
      When logical blkdev size > 512 then sector numbers become larger than the
      device can support.
      
      Make affs start lookup based on the device's logical sector size instead
      of 512.
      Reported-by: NMark <markk@clara.co.uk>
      Suggested-by: NMark <markk@clara.co.uk>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      e852d82a
    • I
      sysctl: fix int -> unsigned long assignments in INT_MIN case · 9a5bc726
      Ilya Dryomov 提交于
      The following
      
          if (val < 0)
              *lvalp = (unsigned long)-val;
      
      is incorrect because the compiler is free to assume -val to be positive
      and use a sign-extend instruction for extending the bit pattern.  This is
      a problem if val == INT_MIN:
      
          # echo -2147483648 >/proc/sys/dev/scsi/logging_level
          # cat /proc/sys/dev/scsi/logging_level
          -18446744071562067968
      
      Cast to unsigned long before negation - that way we first sign-extend and
      then negate an unsigned, which is well defined.  With this:
      
          # cat /proc/sys/dev/scsi/logging_level
          -2147483648
      Signed-off-by: NIlya Dryomov <idryomov@gmail.com>
      Cc: Mikulas Patocka <mikulas@twibright.com>
      Cc: Robert Xiao <nneonneo@gmail.com>
      Cc: "Eric W. Biederman" <ebiederm@xmission.com>
      Cc: Kees Cook <keescook@chromium.org>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      9a5bc726
    • B
      kexec: export KERNEL_IMAGE_SIZE to vmcoreinfo · 1303a27c
      Baoquan He 提交于
      In x86_64, since v2.6.26 the KERNEL_IMAGE_SIZE is changed to 512M, and
      accordingly the MODULES_VADDR is changed to 0xffffffffa0000000.  However,
      in v3.12 Kees Cook introduced kaslr to randomise the location of kernel.
      And the kernel text mapping addr space is enlarged from 512M to 1G.  That
      means now KERNEL_IMAGE_SIZE is variable, its value is 512M when kaslr
      support is not compiled in and 1G when kaslr support is compiled in.
      Accordingly the MODULES_VADDR is changed too to be:
      
          #define MODULES_VADDR    (__START_KERNEL_map + KERNEL_IMAGE_SIZE)
      
      So when kaslr is compiled in and enabled, the kernel text mapping addr
      space and modules vaddr space need be adjusted.  Otherwise makedumpfile
      will collapse since the addr for some symbols is not correct.
      
      Hence KERNEL_IMAGE_SIZE need be exported to vmcoreinfo and got in
      makedumpfile to help calculate MODULES_VADDR.
      Signed-off-by: NBaoquan He <bhe@redhat.com>
      Acked-by: NKees Cook <keescook@chromium.org>
      Acked-by: NVivek Goyal <vgoyal@redhat.com>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      1303a27c
    • B
      kexec: align crash_notes allocation to make it be inside one physical page · bbb78b8f
      Baoquan He 提交于
      People reported that crash_notes in /proc/vmcore were corrupted and this
      cause crash kdump failure.  With code debugging and log we got the root
      cause.  This is because percpu variable crash_notes are allocated in 2
      vmalloc pages.  Currently percpu is based on vmalloc by default.  Vmalloc
      can't guarantee 2 continuous vmalloc pages are also on 2 continuous
      physical pages.  So when 1st kernel exports the starting address and size
      of crash_notes through sysfs like below:
      
      /sys/devices/system/cpu/cpux/crash_notes
      /sys/devices/system/cpu/cpux/crash_notes_size
      
      kdump kernel use them to get the content of crash_notes.  However the 2nd
      part may not be in the next neighbouring physical page as we expected if
      crash_notes are allocated accross 2 vmalloc pages.  That's why
      nhdr_ptr->n_namesz or nhdr_ptr->n_descsz could be very huge in
      update_note_header_size_elf64() and cause note header merging failure or
      some warnings.
      
      In this patch change to call __alloc_percpu() to passed in the align value
      by rounding crash_notes_size up to the nearest power of two.  This makes
      sure the crash_notes is allocated inside one physical page since
      sizeof(note_buf_t) in all ARCHS is smaller than PAGE_SIZE.  Meanwhile add
      a BUILD_BUG_ON to break compile if size is bigger than PAGE_SIZE since
      crash_notes definitely will be in 2 pages.  That need be avoided, and need
      be reported if it's unavoidable.
      
      [akpm@linux-foundation.org: use correct comment layout]
      Signed-off-by: NBaoquan He <bhe@redhat.com>
      Cc: Eric W. Biederman <ebiederm@xmission.com>
      Cc: Vivek Goyal <vgoyal@redhat.com>
      Cc: Dave Young <dyoung@redhat.com>
      Cc: Lisa Mitchell <lisa.mitchell@hp.com>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      bbb78b8f
    • M
      kexec: remove unnecessary test in kimage_alloc_crash_control_pages() · 04e9949b
      Minfei Huang 提交于
      Transforming PFN(Page Frame Number) to struct page is never failure, so we
      can simplify the code logic to do the image->control_page assignment
      directly in the loop, and remove the unnecessary conditional judgement.
      Signed-off-by: NMinfei Huang <mnfhuang@gmail.com>
      Acked-by: NDave Young <dyoung@redhat.com>
      Acked-by: NVivek Goyal <vgoyal@redhat.com>
      Cc: Simon Horman <horms@verge.net.au>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      04e9949b
    • D
      kexec: split kexec_load syscall from kexec core code · 2965faa5
      Dave Young 提交于
      There are two kexec load syscalls, kexec_load another and kexec_file_load.
       kexec_file_load has been splited as kernel/kexec_file.c.  In this patch I
      split kexec_load syscall code to kernel/kexec.c.
      
      And add a new kconfig option KEXEC_CORE, so we can disable kexec_load and
      use kexec_file_load only, or vice verse.
      
      The original requirement is from Ted Ts'o, he want kexec kernel signature
      being checked with CONFIG_KEXEC_VERIFY_SIG enabled.  But kexec-tools use
      kexec_load syscall can bypass the checking.
      
      Vivek Goyal proposed to create a common kconfig option so user can compile
      in only one syscall for loading kexec kernel.  KEXEC/KEXEC_FILE selects
      KEXEC_CORE so that old config files still work.
      
      Because there's general code need CONFIG_KEXEC_CORE, so I updated all the
      architecture Kconfig with a new option KEXEC_CORE, and let KEXEC selects
      KEXEC_CORE in arch Kconfig.  Also updated general kernel code with to
      kexec_load syscall.
      
      [akpm@linux-foundation.org: coding-style fixes]
      Signed-off-by: NDave Young <dyoung@redhat.com>
      Cc: Eric W. Biederman <ebiederm@xmission.com>
      Cc: Vivek Goyal <vgoyal@redhat.com>
      Cc: Petr Tesarik <ptesarik@suse.cz>
      Cc: Theodore Ts'o <tytso@mit.edu>
      Cc: Josh Boyer <jwboyer@fedoraproject.org>
      Cc: David Howells <dhowells@redhat.com>
      Cc: Geert Uytterhoeven <geert@linux-m68k.org>
      Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
      Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
      2965faa5