openwrt/staging/blogic.git
9 years agoMerge branch 'smack-for-3.20-rebased' of git://git.gitorious.org/smack-next/kernel...
James Morris [Thu, 22 Jan 2015 02:22:23 +0000 (13:22 +1100)]
Merge branch 'smack-for-3.20-rebased' of git://git.gitorious.org/smack-next/kernel into next

9 years agosmack: fix possible use after frees in task_security() callers
Andrey Ryabinin [Tue, 13 Jan 2015 15:52:40 +0000 (18:52 +0300)]
smack: fix possible use after frees in task_security() callers

We hit use after free on dereferncing pointer to task_smack struct in
smk_of_task() called from smack_task_to_inode().

task_security() macro uses task_cred_xxx() to get pointer to the task_smack.
task_cred_xxx() could be used only for non-pointer members of task's
credentials. It cannot be used for pointer members since what they point
to may disapper after dropping RCU read lock.

Mainly task_security() used this way:
smk_of_task(task_security(p))

Intead of this introduce function smk_of_task_struct() which
takes task_struct as argument and returns pointer to smk_known struct
and do this under RCU read lock.
Bogus task_security() macro is not used anymore, so remove it.

KASan's report for this:

AddressSanitizer: use after free in smack_task_to_inode+0x50/0x70 at addr c4635600
=============================================================================
BUG kmalloc-64 (Tainted: PO): kasan error
-----------------------------------------------------------------------------

Disabling lock debugging due to kernel taint
INFO: Allocated in new_task_smack+0x44/0xd8 age=39 cpu=0 pid=1866
kmem_cache_alloc_trace+0x88/0x1bc
new_task_smack+0x44/0xd8
smack_cred_prepare+0x48/0x21c
security_prepare_creds+0x44/0x4c
prepare_creds+0xdc/0x110
smack_setprocattr+0x104/0x150
security_setprocattr+0x4c/0x54
proc_pid_attr_write+0x12c/0x194
vfs_write+0x1b0/0x370
SyS_write+0x5c/0x94
ret_fast_syscall+0x0/0x48
INFO: Freed in smack_cred_free+0xc4/0xd0 age=27 cpu=0 pid=1564
kfree+0x270/0x290
smack_cred_free+0xc4/0xd0
security_cred_free+0x34/0x3c
put_cred_rcu+0x58/0xcc
rcu_process_callbacks+0x738/0x998
__do_softirq+0x264/0x4cc
do_softirq+0x94/0xf4
irq_exit+0xbc/0x120
handle_IRQ+0x104/0x134
gic_handle_irq+0x70/0xac
__irq_svc+0x44/0x78
_raw_spin_unlock+0x18/0x48
sync_inodes_sb+0x17c/0x1d8
sync_filesystem+0xac/0xfc
vdfs_file_fsync+0x90/0xc0
vfs_fsync_range+0x74/0x7c
INFO: Slab 0xd3b23f50 objects=32 used=31 fp=0xc4635600 flags=0x4080
INFO: Object 0xc4635600 @offset=5632 fp=0x  (null)

Bytes b4 c46355f0: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a  ZZZZZZZZZZZZZZZZ
Object c4635600: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b  kkkkkkkkkkkkkkkk
Object c4635610: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b  kkkkkkkkkkkkkkkk
Object c4635620: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b  kkkkkkkkkkkkkkkk
Object c4635630: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b a5  kkkkkkkkkkkkkkk.
Redzone c4635640: bb bb bb bb                                      ....
Padding c46356e8: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a  ZZZZZZZZZZZZZZZZ
Padding c46356f8: 5a 5a 5a 5a 5a 5a 5a 5a                          ZZZZZZZZ
CPU: 5 PID: 834 Comm: launchpad_prelo Tainted: PBO 3.10.30 #1
Backtrace:
[<c00233a4>] (dump_backtrace+0x0/0x158) from [<c0023dec>] (show_stack+0x20/0x24)
 r7:c4634010 r6:d3b23f50 r5:c4635600 r4:d1002140
[<c0023dcc>] (show_stack+0x0/0x24) from [<c06d6d7c>] (dump_stack+0x20/0x28)
[<c06d6d5c>] (dump_stack+0x0/0x28) from [<c01c1d50>] (print_trailer+0x124/0x144)
[<c01c1c2c>] (print_trailer+0x0/0x144) from [<c01c1e88>] (object_err+0x3c/0x44)
 r7:c4635600 r6:d1002140 r5:d3b23f50 r4:c4635600
[<c01c1e4c>] (object_err+0x0/0x44) from [<c01cac18>] (kasan_report_error+0x2b8/0x538)
 r6:d1002140 r5:d3b23f50 r4:c6429cf8 r3:c09e1aa7
[<c01ca960>] (kasan_report_error+0x0/0x538) from [<c01c9430>] (__asan_load4+0xd4/0xf8)
[<c01c935c>] (__asan_load4+0x0/0xf8) from [<c031e168>] (smack_task_to_inode+0x50/0x70)
 r5:c4635600 r4:ca9da000
[<c031e118>] (smack_task_to_inode+0x0/0x70) from [<c031af64>] (security_task_to_inode+0x3c/0x44)
 r5:cca25e80 r4:c0ba9780
[<c031af28>] (security_task_to_inode+0x0/0x44) from [<c023d614>] (pid_revalidate+0x124/0x178)
 r6:00000000 r5:cca25e80 r4:cbabe3c0 r3:00008124
[<c023d4f0>] (pid_revalidate+0x0/0x178) from [<c01db98c>] (lookup_fast+0x35c/0x43y4)
 r9:c6429efc r8:00000101 r7:c079d940 r6:c6429e90 r5:c6429ed8 r4:c83c4148
[<c01db630>] (lookup_fast+0x0/0x434) from [<c01deec8>] (do_last.isra.24+0x1c0/0x1108)
[<c01ded08>] (do_last.isra.24+0x0/0x1108) from [<c01dff04>] (path_openat.isra.25+0xf4/0x648)
[<c01dfe10>] (path_openat.isra.25+0x0/0x648) from [<c01e1458>] (do_filp_open+0x3c/0x88)
[<c01e141c>] (do_filp_open+0x0/0x88) from [<c01ccb28>] (do_sys_open+0xf0/0x198)
 r7:00000001 r6:c0ea2180 r5:0000000b r4:00000000
[<c01cca38>] (do_sys_open+0x0/0x198) from [<c01ccc00>] (SyS_open+0x30/0x34)
[<c01ccbd0>] (SyS_open+0x0/0x34) from [<c001db80>] (ret_fast_syscall+0x0/0x48)
Read of size 4 by thread T834:
Memory state around the buggy address:
 c4635380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 c4635400: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
 c4635480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 c4635500: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc
 c4635580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>c4635600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
           ^
 c4635680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 c4635700: 00 00 00 00 04 fc fc fc fc fc fc fc fc fc fc fc
 c4635780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 c4635800: 00 00 00 00 00 00 04 fc fc fc fc fc fc fc fc fc
 c4635880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================

Signed-off-by: Andrey Ryabinin <a.ryabinin@samsung.com>
Cc: <stable@vger.kernel.org>
9 years agosmack: Add missing logging in bidirectional UDS connect check
Rafal Krypa [Thu, 8 Jan 2015 17:52:45 +0000 (18:52 +0100)]
smack: Add missing logging in bidirectional UDS connect check

During UDS connection check, both sides are checked for write access to
the other side. But only the first check is performed with audit support.
The second one didn't produce any audit logs. This simple patch fixes that.

Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
9 years agoSmack: secmark support for netfilter
Casey Schaufler [Sat, 13 Dec 2014 01:08:40 +0000 (17:08 -0800)]
Smack: secmark support for netfilter

Smack uses CIPSO to label internet packets and thus provide
for access control on delivery of packets. The netfilter facility
was not used to allow for Smack to work properly without netfilter
configuration. Smack does not need netfilter, however there are
cases where it would be handy.

As a side effect, the labeling of local IPv4 packets can be optimized
and the handling of local IPv6 packets is just all out better.

The best part is that the netfilter tools use "contexts" that
are just strings, and they work just as well for Smack as they
do for SELinux.

All of the conditional compilation for IPv6 was implemented
by Rafal Krypa <r.krypa@samsung.com>

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
9 years agoSmack: Rework file hooks
Casey Schaufler [Sat, 13 Dec 2014 01:19:19 +0000 (17:19 -0800)]
Smack: Rework file hooks

This is one of those cases where you look at code you did
years ago and wonder what you might have been thinking.
There are a number of LSM hooks that work off of file pointers,
and most of them really want the security data from the inode.
Some, however, really want the security context that the process
had when the file was opened. The difference went undetected in
Smack until it started getting used in a real system with real
testing. At that point it was clear that something was amiss.

This patch corrects the misuse of the f_security value in several
of the hooks. The behavior will not usually be any different, as
the process had to be able to open the file in the first place, and
the old check almost always succeeded, as will the new, but for
different reasons.

Thanks to the Samsung Tizen development team that identified this.

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
9 years agotpm: fix format string error in tpm-chip.c
Jarkko Sakkinen [Tue, 20 Jan 2015 10:03:35 +0000 (12:03 +0200)]
tpm: fix format string error in tpm-chip.c

dev_set_name() takes three arguments where the second argument is
a format string. This patch fixes the call accordingly in tpm-chip.c

Reported-by: kbuild test robot <fengguang.wu@intel.com>
Fixes: 313d21eeab92 ("tpm: device class for tpm")
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Peter Huewe <peterhuewe@gmx.de>
9 years agochar/tpm/tpm_crb: fix build error
Jarkko Sakkinen [Mon, 19 Jan 2015 08:43:40 +0000 (10:43 +0200)]
char/tpm/tpm_crb: fix build error

SIMPLE_DEV_PM_OPS() was inside #ifdef CONFIG_PM_SLEEP.

Fixes: 30fc8d1 ("tpm: TPM 2.0 CRB Interface")
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Peter Huewe <peterhuewe@gmx.de>
9 years agosmack: Fix a bidirectional UDS connect check typo
Zbigniew Jasinski [Mon, 29 Dec 2014 14:34:58 +0000 (15:34 +0100)]
smack: Fix a bidirectional UDS connect check typo

The 54e70ec5eb090193b03e69d551fa6771a5a217c4 commit introduced a
bidirectional check that should have checked for mutual WRITE access
between two labels. Due to a typo subject's OUT label is checked with
object's OUT. Should be OUT to IN.

Signed-off-by: Zbigniew Jasinski <z.jasinski@samsung.com>
9 years agosmack: introduce a special case for tmpfs in smack_d_instantiate()
Łukasz Stelmach [Tue, 16 Dec 2014 15:53:08 +0000 (16:53 +0100)]
smack: introduce a special case for tmpfs in smack_d_instantiate()

Files created with __shmem_file_stup() appear to have somewhat fake
dentries which make them look like root directories and not get
the label the current process or ("*") star meant for tmpfs files.

Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>
9 years agosmack: fix logic in smack_inode_init_security function
Lukasz Pawelczyk [Wed, 26 Nov 2014 14:31:07 +0000 (15:31 +0100)]
smack: fix logic in smack_inode_init_security function

In principle if this function was called with "value" == NULL and "len"
not NULL it could return different results for the "len" compared to a
case where "name" was not NULL. This is a hypothetical case that does
not exist in the kernel, but it's a logic bug nonetheless.

Signed-off-by: Lukasz Pawelczyk <l.pawelczyk@samsung.com>
9 years agosmack: miscellaneous small fixes in function comments
Lukasz Pawelczyk [Wed, 26 Nov 2014 14:31:06 +0000 (15:31 +0100)]
smack: miscellaneous small fixes in function comments

Signed-off-by: Lukasz Pawelczyk <l.pawelczyk@samsung.com>
9 years agochar/tpm: fixed white spaces coding style issues
Bruno E O Meneguele [Sat, 17 Jan 2015 16:03:30 +0000 (17:03 +0100)]
char/tpm: fixed white spaces coding style issues

Fixed some coding style issues reported by checkpatch.

Signed-off-by: Bruno E O Meneguele <bmeneguele@gmail.com>
[phuewe: ported to latest code]
Signed-off-by: Peter Huewe <peterhuewe@gmx.de>
9 years agoMAINTAINERS: Add Patchwork and Git URL for TPMDD
Peter Huewe [Sat, 17 Jan 2015 14:17:51 +0000 (15:17 +0100)]
MAINTAINERS: Add Patchwork and Git URL for TPMDD

Maybe it helps people finding the right tree and also simplifies
tracking of their patches

Signed-off-by: Peter Huewe <peterhuewe@gmx.de>
9 years agotpm/tpm_i2c_stm_st33/dts/st33zp24-i2c: Rename st33zp24 dts documentation
Christophe Ricard [Tue, 13 Jan 2015 22:13:15 +0000 (23:13 +0100)]
tpm/tpm_i2c_stm_st33/dts/st33zp24-i2c: Rename st33zp24 dts documentation

st33zp24 exists in i2c and spi version. Both have different possible
configuration.
st33zp24.txt is renamed st33zp24-i2c.txt.

Reviewed-by: Jason Gunthorpe <jason.gunthorpe@obsidianresearch.com>
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Reviewed-by: Peter Huewe <peterhuewe@gmx.de>
Signed-off-by: Peter Huewe <peterhuewe@gmx.de>
9 years agotpm/tpm_i2c_stm_st33: Change tpm_i2c_stm_st33.h to tpm_stm_st33.h
Christophe Ricard [Tue, 13 Jan 2015 22:13:13 +0000 (23:13 +0100)]
tpm/tpm_i2c_stm_st33: Change tpm_i2c_stm_st33.h to tpm_stm_st33.h

include/linux/platform_data/tpm_i2c_stm_st33.h can be used by other st33
tpm device driver not using i2c protocol.

Reviewed-by: Jason Gunthorpe <jason.gunthorpe@obsidianresearch.com>
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Reviewed-by: Peter Huewe <peterhuewe@gmx.de>
Signed-off-by: Peter Huewe <peterhuewe@gmx.de>
9 years agotpm/tpm_i2c_stm_st33: Replace remaining r by ret
Christophe Ricard [Tue, 13 Jan 2015 22:13:11 +0000 (23:13 +0100)]
tpm/tpm_i2c_stm_st33: Replace remaining r by ret

Some places are still using r instead of ret.

Reviewed-by: Jason Gunthorpe <jason.gunthorpe@obsidianresearch.com>
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Reviewed-by: Peter Huewe <peterhuewe@gmx.de>
Signed-off-by: Peter Huewe <peterhuewe@gmx.de>
9 years agotpm/tpm_i2c_stm_st33: Sanity cleanup
Christophe Ricard [Tue, 13 Jan 2015 22:13:10 +0000 (23:13 +0100)]
tpm/tpm_i2c_stm_st33: Sanity cleanup

Cleanup header description and correct some indent.

Reviewed-by: Jason Gunthorpe <jason.gunthorpe@obsidianresearch.com>
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Reviewed-by: Peter Huewe <peterhuewe@gmx.de>
Signed-off-by: Peter Huewe <peterhuewe@gmx.de>
9 years agotpm/tpm_i2c_stm_st33: Remove sparse spaces
Christophe Ricard [Tue, 13 Jan 2015 22:13:09 +0000 (23:13 +0100)]
tpm/tpm_i2c_stm_st33: Remove sparse spaces

Remove some useless spaces (new line or space)

Reviewed-by: Jason Gunthorpe <jason.gunthorpe@obsidianresearch.com>
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Reviewed-by: Peter Huewe <peterhuewe@gmx.de>
Signed-off-by: Peter Huewe <peterhuewe@gmx.de>
9 years agotpm/tpm_i2c_stm_st33: Add status check when reading data on the FIFO
Christophe Ricard [Tue, 13 Jan 2015 22:13:14 +0000 (23:13 +0100)]
tpm/tpm_i2c_stm_st33: Add status check when reading data on the FIFO

Add a return value check when reading data from the FIFO register.

Cc: <stable@vger.kernel.org>
Reviewed-by: Jason Gunthorpe <jason.gunthorpe@obsidianresearch.com>
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Reviewed-by: Peter Huewe <peterhuewe@gmx.de>
Signed-off-by: Peter Huewe <peterhuewe@gmx.de>
9 years agotpm: TPM 2.0 FIFO Interface
Jarkko Sakkinen [Fri, 12 Dec 2014 19:46:40 +0000 (11:46 -0800)]
tpm: TPM 2.0 FIFO Interface

Detect TPM 2.0 by sending idempotent TPM 2.x command. Ordinals for
TPM 2.0 are higher than TPM 1.x commands so this should be fail-safe.
Using STS3 is unreliable because some chips just report 0xff and not
what the spec says.

Before TPM family is detected, timeouts are set to the maximum values
for both TPM 1.x and TPM 2.x. In addition to this, suspend/resume
functionality is implemented for TPM 2.x.

Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Will Arthur <will.c.arthur@intel.com>
Reviewed-by: Jasob Gunthorpe <jason.gunthorpe@obsidianresearch.com>
Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Reviewed-by: Peter Huewe <peterhuewe@gmx.de>
Tested-by: Peter Huewe <peterhuewe@gmx.de>
Signed-off-by: Peter Huewe <peterhuewe@gmx.de>
9 years agotpm: TPM 2.0 CRB Interface
Jarkko Sakkinen [Fri, 12 Dec 2014 19:46:39 +0000 (11:46 -0800)]
tpm: TPM 2.0 CRB Interface

tpm_crb is a driver for TPM 2.0 Command Response Buffer (CRB) Interface
as defined in PC Client Platform TPM Profile (PTP) Specification.

Only polling and single locality is supported as these are the limitations
of the available hardware, Platform Trust Techonlogy (PTT) in Haswell
CPUs.

The driver always applies CRB with ACPI start because PTT reports using
only ACPI start as start method but as a result of my testing it requires
also CRB start.

Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Reviewed-by: Jasob Gunthorpe <jason.gunthorpe@obsidianresearch.com>
Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Signed-off-by: Peter Huewe <peterhuewe@gmx.de>
9 years agotpm: TPM 2.0 baseline support
Jarkko Sakkinen [Fri, 12 Dec 2014 19:46:38 +0000 (11:46 -0800)]
tpm: TPM 2.0 baseline support

TPM 2.0 devices are separated by adding a field 'flags' to struct
tpm_chip and defining a flag TPM_CHIP_FLAG_TPM2 for tagging them.

This patch adds the following internal functions:

- tpm2_get_random()
- tpm2_get_tpm_pt()
- tpm2_pcr_extend()
- tpm2_pcr_read()
- tpm2_startup()

Additionally, the following exported functions are implemented for
implementing TPM 2.0 device drivers:

- tpm2_do_selftest()
- tpm2_calc_ordinal_durations()
- tpm2_gen_interrupt()

The existing functions that are exported for the use for existing
subsystems have been changed to check the flags field in struct
tpm_chip and use appropriate TPM 2.0 counterpart if
TPM_CHIP_FLAG_TPM2 is est.

The code for tpm2_calc_ordinal_duration() and tpm2_startup() were
originally written by Will Arthur.

Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Signed-off-by: Will Arthur <will.c.arthur@intel.com>
Reviewed-by: Jasob Gunthorpe <jason.gunthorpe@obsidianresearch.com>
Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Reviewed-by: Peter Huewe <peterhuewe@gmx.de>
Tested-by: Peter Huewe <peterhuewe@gmx.de>
[phuewe: Fixed copy paste error * 2]
Signed-off-by: Peter Huewe <peterhuewe@gmx.de>
9 years agotpm: device class for tpm
Jarkko Sakkinen [Fri, 12 Dec 2014 19:46:37 +0000 (11:46 -0800)]
tpm: device class for tpm

Added own device class for TPM. Uses MISC_MAJOR:TPM_MINOR for the
first character device in order to retain backwards compatibility.
Added tpm_dev_release() back attached to the character device.

I've been running this code now for a while on my laptop (Lenovo
T430S) TrouSerS works perfectly without modifications. I don't
believe it breaks anything significantly.

The sysfs attributes that have been placed under the wrong place
and are against sysfs-rules.txt should be probably left to
stagnate under platform device directory and start defining
new sysfs attributes to the char device directory.

Guidelines for future TPM sysfs attributes should be probably
along the lines of

- Single flat set of mandatory sysfs attributes. For example,
  current PPI interface is way way too rich when you only want
  to use it to clear and activate the TPM.

- Define sysfs attribute if and only if there's no way to get
  the value from ring-3. No attributes for TPM properties. It's
  just unnecessary maintenance hurdle that we don't want.

Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Reviewed-by: Jasob Gunthorpe <jason.gunthorpe@obsidianresearch.com>
Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Tested-by: Scot Doyle <lkml14@scotdoyle.com>
Tested-by: Peter Huewe <peterhuewe@gmx.de>
Signed-off-by: Peter Huewe <peterhuewe@gmx.de>
9 years agotpm: rename chip->dev to chip->pdev
Jarkko Sakkinen [Fri, 12 Dec 2014 19:46:36 +0000 (11:46 -0800)]
tpm: rename chip->dev to chip->pdev

Rename chip->dev to chip->pdev to make it explicit that this not the
character device but actually represents the platform device.

Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Reviewed-by: Jasob Gunthorpe <jason.gunthorpe@obsidianresearch.com>
Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Reviewed-by: Peter Huewe <peterhuewe@gmx.de>
Tested-by: Scot Doyle <lkml14@scotdoyle.com>
Tested-by: Peter Huewe <peterhuewe@gmx.de>
Signed-off-by: Peter Huewe <peterhuewe@gmx.de>
9 years agotpm: fix raciness of PPI interface lookup
Jarkko Sakkinen [Fri, 12 Dec 2014 19:46:35 +0000 (11:46 -0800)]
tpm: fix raciness of PPI interface lookup

Traversal of the ACPI device tree was not done right. PPI interface
should be looked up only from the ACPI device that is the platform
device for the TPM. This could cause problems with systems with
two TPM chips such as 4th gen Intel systems.

In addition, added the missing license and copyright platter to
the tpm_ppi.c.

Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Reviewed-by: Jasob Gunthorpe <jason.gunthorpe@obsidianresearch.com>
Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Tested-by: Scot Doyle <lkml14@scotdoyle.com>
Signed-off-by: Peter Huewe <peterhuewe@gmx.de>
9 years agotpm: two-phase chip management functions
Jarkko Sakkinen [Fri, 12 Dec 2014 19:46:34 +0000 (11:46 -0800)]
tpm: two-phase chip management functions

tpm_register_hardware() and tpm_remove_hardware() are called often
before initializing the device. The problem is that the device might
not be fully initialized when it comes visible to the user space.

This patch resolves the issue by diving initialization into two
parts:

- tpmm_chip_alloc() creates struct tpm_chip.

- tpm_chip_register() sets up the character device and sysfs
  attributes.

The framework takes care of freeing struct tpm_chip by using the devres
API. The broken release callback has been wiped. ACPI drivers do not
ever get this callback.

Regards to Jason Gunthorpe for carefully reviewing this part of the
code.

Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Reviewed-by: Jasob Gunthorpe <jason.gunthorpe@obsidianresearch.com>
Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Tested-by: Scot Doyle <lkml14@scotdoyle.com>
Tested-by: Peter Huewe <peterhuewe@gmx.de>
[phuewe: update to upstream changes]
Signed-off-by: Peter Huewe <peterhuewe@gmx.de>
9 years agotpm: merge duplicate transmit_cmd() functions
Jarkko Sakkinen [Fri, 12 Dec 2014 19:46:33 +0000 (11:46 -0800)]
tpm: merge duplicate transmit_cmd() functions

Merged transmit_cmd() functions in tpm-interface.c and tpm-sysfs.c.
Added "tpm_" prefix for consistency sake. Changed cmd parameter as
opaque. This enables to use separate command structures for TPM1
and TPM2 commands in future. Loose coupling works fine here.

Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Reviewed-by: Jasob Gunthorpe <jason.gunthorpe@obsidianresearch.com>
Reviewed-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Reviewed-by: Peter Huewe <peterhuewe@gmx.de>
Tested-by: Scot Doyle <lkml14@scotdoyle.com>
Tested-by: Peter Huewe <peterhuewe@gmx.de>
Signed-off-by: Peter Huewe <peterhuewe@gmx.de>
9 years agotpm_ibmvtpm: Update email address in maintainers list and ibmvtpm driver
Ashley Lai [Fri, 5 Dec 2014 03:01:51 +0000 (21:01 -0600)]
tpm_ibmvtpm: Update email address in maintainers list and ibmvtpm driver

Added myself as a maintainer for the IBM vtpm driver and removed myself
from the tpm maintainer list. Also, updated the tpm_ibmvtpm driver with
my current email address.

Signed-off-by: Ashley Lai <ashleydlai@gmail.com>
Signed-off-by: Peter Huewe <peterhuewe@gmx.de>
9 years agotpm/tpm_i2c_stm_st33: Fix coccinelle warnings. Possible NULL pointer dereference
Christophe Ricard [Tue, 2 Dec 2014 20:06:03 +0000 (21:06 +0100)]
tpm/tpm_i2c_stm_st33: Fix coccinelle warnings. Possible NULL pointer dereference

If !client the kernel mays oops in dev_info when doing client->dev.

Reported-by: Peter Huewe <peterhuewe@gmx.de>
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Signed-off-by: Peter Huewe <peterhuewe@gmx.de>
9 years agotpm/tpm_i2c_stm_st33: Increment driver version to 1.2.1.
Christophe Ricard [Mon, 1 Dec 2014 18:33:00 +0000 (19:33 +0100)]
tpm/tpm_i2c_stm_st33: Increment driver version to 1.2.1.

Many changes were added to the driver so increment the version.

Reviewed-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Signed-off-by: Peter Huewe <peterhuewe@gmx.de>
9 years agotpm/tpm_i2c_stm_st33: Remove useless i2c read on interrupt registers
Christophe Ricard [Mon, 1 Dec 2014 18:32:59 +0000 (19:32 +0100)]
tpm/tpm_i2c_stm_st33: Remove useless i2c read on interrupt registers

Remove useless i2c read on TPM_INT_ENABLE and TPM_INT_STATUS

Reviewed-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Signed-off-by: Peter Huewe <peterhuewe@gmx.de>
9 years agotpm/tpm_i2c_stm_st33: Interrupt management improvement
Christophe Ricard [Mon, 1 Dec 2014 18:32:58 +0000 (19:32 +0100)]
tpm/tpm_i2c_stm_st33: Interrupt management improvement

Improve the irq management by using a new function wait_for_stat.
Instead of using a completion struct, we rely on the waitqueue read_queue
and int_queue from chip->vendor field.

Reviewed-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Signed-off-by: Peter Huewe <peterhuewe@gmx.de>
9 years agotpm/tpm_i2c_stm_st33: Few code cleanup
Christophe Ricard [Mon, 1 Dec 2014 18:32:57 +0000 (19:32 +0100)]
tpm/tpm_i2c_stm_st33: Few code cleanup

Cleanup code indentation, braces, test variable when NULL.

Reviewed-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Signed-off-by: Peter Huewe <peterhuewe@gmx.de>
9 years agotpm/tpm_i2c_stm_st33/dts/st33zp24_i2c: Add DTS Documentation
Christophe Ricard [Mon, 1 Dec 2014 18:32:56 +0000 (19:32 +0100)]
tpm/tpm_i2c_stm_st33/dts/st33zp24_i2c: Add DTS Documentation

st33zp24 tpm can be seen as a trivial i2c device as other i2c tpm.
However several other properties needs to be documented such as lpcpd.

Reviewed-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Signed-off-by: Peter Huewe <peterhuewe@gmx.de>
9 years agotpm/tpm_i2c_stm_st33: Add devicetree structure
Christophe Ricard [Mon, 1 Dec 2014 18:32:55 +0000 (19:32 +0100)]
tpm/tpm_i2c_stm_st33: Add devicetree structure

Add tpm_stm_st33_i2c dts structure keeping backward compatibility
with static platform_data support as well.
In the mean time to easy this update and to make it much simpler, we:
- Moved all gpio_request to devm_gpio_request_one primitive
- Moved request_irq to devm_request_irq

Reviewed-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Signed-off-by: Peter Huewe <peterhuewe@gmx.de>
9 years agotpm/tpm_i2c_stm_st33: Replace tpm_st33_* function with tpm_stm_*
Christophe Ricard [Mon, 1 Dec 2014 18:32:54 +0000 (19:32 +0100)]
tpm/tpm_i2c_stm_st33: Replace tpm_st33_* function with tpm_stm_*

For sanity, replace every tpm_st33_* with tpm_stm_*

Reviewed-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Signed-off-by: Peter Huewe <peterhuewe@gmx.de>
9 years agotpm/tpm_i2c_stm_st33: Replace err/rc/ret by ret for a function return code
Christophe Ricard [Mon, 1 Dec 2014 18:32:53 +0000 (19:32 +0100)]
tpm/tpm_i2c_stm_st33: Replace err/rc/ret by ret for a function return code

Some functions return err, rc or ret for a status code.

Return ret instead for all of them.

Reviewed-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Signed-off-by: Peter Huewe <peterhuewe@gmx.de>
9 years agotpm/tpm_i2c_stm_st33: Remove reference to io_serirq
Christophe Ricard [Mon, 1 Dec 2014 18:32:52 +0000 (19:32 +0100)]
tpm/tpm_i2c_stm_st33: Remove reference to io_serirq

The serirq gpio pin is used only as interrupt. After driver initialization,
the serirq signal is always used through interrupt and never with gpio
kernel API.

The irq can then be initialized during the platform_data definition within the client->irq pin.

Reviewed-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Signed-off-by: Peter Huewe <peterhuewe@gmx.de>
9 years agotpm/tpm_i2c_stm_st33: Add new tpm_stm_dev structure and remove tpm_i2c_buffer[0]...
Christophe Ricard [Mon, 1 Dec 2014 18:32:51 +0000 (19:32 +0100)]
tpm/tpm_i2c_stm_st33: Add new tpm_stm_dev structure and remove tpm_i2c_buffer[0], [1] buffer.

In order to clean big buffers in st33zp24_platform_data structure,
replace with tpm_stm_dev for driver internal usage.
As only one buffer is really necessary replace with buf field.

In the mean time move tpm_i2c_stm_st33.h to include/linux/platform_data.

Reviewed-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Signed-off-by: Peter Huewe <peterhuewe@gmx.de>
9 years agotpm/tpm_i2c_stm_st33: Move tpm registers to tpm_i2c_stm_st33.c
Christophe Ricard [Mon, 1 Dec 2014 18:32:50 +0000 (19:32 +0100)]
tpm/tpm_i2c_stm_st33: Move tpm registers to tpm_i2c_stm_st33.c

Move tpm registers to tpm_i2c_stm_st33.c.

Reviewed-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Signed-off-by: Peter Huewe <peterhuewe@gmx.de>
9 years agotpm/tpm_i2c_stm_st33: Fix few coding style error reported by scripts/checkpatch.pl
Christophe Ricard [Mon, 1 Dec 2014 18:32:49 +0000 (19:32 +0100)]
tpm/tpm_i2c_stm_st33: Fix few coding style error reported by scripts/checkpatch.pl

Fix:
- WARNING: Missing a blank line after declarations
- WARNING: braces {} are not necessary for any arm of this statement

Reviewed-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Signed-off-by: Peter Huewe <peterhuewe@gmx.de>
9 years agotpm/tpm_i2c_stm_st33: Change License header to have up to date address information
Christophe Ricard [Mon, 1 Dec 2014 18:32:48 +0000 (19:32 +0100)]
tpm/tpm_i2c_stm_st33: Change License header to have up to date address information

The Free Software Foundation may have mail address change.
In order to be sure to have up to date mail address give an url to
the license which includes accurate informations.

Reviewed-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Signed-off-by: Peter Huewe <peterhuewe@gmx.de>
9 years agotpm/tpm_i2c_stm_st33: Update Kconfig in order to be inline to other similar product
Christophe Ricard [Mon, 1 Dec 2014 18:32:47 +0000 (19:32 +0100)]
tpm/tpm_i2c_stm_st33: Update Kconfig in order to be inline to other similar product

STMicroelectronics i2c tpm is the only one to have a different tristate
label.

Rename it "TPM Interface Specification 1.2 Interface (I2C - STMicroelectronics)"

Reviewed-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
[phuewe: corrected module name in the helptext]
Signed-off-by: Peter Huewe <peterhuewe@gmx.de>
9 years agotpm/tpm_i2c_stm_st33: Fix potential bug in tpm_stm_i2c_send
Christophe Ricard [Mon, 1 Dec 2014 18:32:46 +0000 (19:32 +0100)]
tpm/tpm_i2c_stm_st33: Fix potential bug in tpm_stm_i2c_send

When sending data in tpm_stm_i2c_send, each loop iteration send buf.
Send buf + i instead as the goal of this for loop is to send a number
of byte from buf that fit in burstcnt. Once those byte are sent, we are
supposed to send the next ones.

The driver was working because the burstcount value returns always the maximum size for a TPM
command or response. (0x800 for a command and 0x400 for a response).

Cc: stable@vger.kernel.org
Reviewed-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Signed-off-by: Peter Huewe <peterhuewe@gmx.de>
9 years agochar: tpm: Deletion of unnecessary checks before the function call "tpm_dev_vendor_re...
Markus Elfring [Wed, 19 Nov 2014 13:44:15 +0000 (14:44 +0100)]
char: tpm: Deletion of unnecessary checks before the function call "tpm_dev_vendor_release"

The tpm_dev_vendor_release() function tests whether its argument is NULL
and then returns immediately. Thus the test around the call is not needed.

This issue was detected by using the Coccinelle software.

Signed-off-by: Markus Elfring <elfring@users.sourceforge.net>
Signed-off-by: Peter Huewe <peterhuewe@gmx.de>
9 years agotpm: remove unnecessary sizeof(u8)
Fabian Frederick [Sun, 16 Nov 2014 10:03:24 +0000 (11:03 +0100)]
tpm: remove unnecessary sizeof(u8)

sizeof(u8) is always 1.

Signed-off-by: Fabian Frederick <fabf@skynet.be>
Signed-off-by: Peter Huewe <peterhuewe@gmx.de>
9 years agotpm: Fix NULL return in tpm_ibmvtpm_get_desired_dma
Hon Ching (Vicky) Lo [Sun, 30 Nov 2014 14:01:28 +0000 (15:01 +0100)]
tpm: Fix NULL return in tpm_ibmvtpm_get_desired_dma

There was an oops in tpm_ibmvtpm_get_desired_dma, which caused
kernel panic during boot when vTPM is enabled in Power partition
configured in AMS mode.

vio_bus_probe calls vio_cmo_bus_probe which calls
tpm_ibmvtpm_get_desired_dma to get the size needed for DMA allocation.
The problem is, vio_cmo_bus_probe is called before calling probe, which
for vtpm is tpm_ibmvtpm_probe and it's this function that initializes
and sets up vtpm's CRQ and gets required data values.  Therefore,
since this has not yet been done, NULL is returned in attempt to get
the size for DMA allocation.

We added a NULL check.  In addition, a default buffer size will
be set when NULL is returned.

Cc: <stable@vger.kernel.org>
Signed-off-by: Hon Ching (Vicky) Lo <honclo@linux.vnet.ibm.com>
Signed-off-by: Peter Huewe <peterhuewe@gmx.de>
9 years agotpm_tis: verify interrupt during init
Scot Doyle [Wed, 24 Sep 2014 22:41:10 +0000 (22:41 +0000)]
tpm_tis: verify interrupt during init

Some machines, such as the Acer C720 and Toshiba CB35, have TPMs that do
not send IRQs while also having an ACPI TPM entry indicating that they
will be sent. These machines freeze on resume while the tpm_tis module
waits for an IRQ, eventually timing out.

When in interrupt mode, the tpm_tis module should receive an IRQ during
module init. Fall back to polling mode if none is received when expected.

Cc: <stable@vger.kernel.org>
Signed-off-by: Scot Doyle <lkml14@scotdoyle.com>
Tested-by: Michael Mullin <masmullin@gmail.com>
Reviewed-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
[phuewe: minor checkpatch fixed]
Signed-off-by: Peter Huewe <peterhuewe@gmx.de>
9 years agochar: tpm: Add missing error check for devm_kzalloc
Kiran Padwal [Fri, 19 Sep 2014 07:14:39 +0000 (12:44 +0530)]
char: tpm: Add missing error check for devm_kzalloc

Currently these driver are missing a check on the return value of devm_kzalloc,
which would cause a NULL pointer dereference in a OOM situation.

This patch adds a missing check for tpm_i2c_atmel.c and tpm_i2c_nuvoton.c

Cc: stable@vger.kernel.org
Signed-off-by: Kiran Padwal <kiran.padwal@smartplayin.com>
Reviewed-By: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
Signed-off-by: Peter Huewe <peterhuewe@gmx.de>
9 years agoTPM: Add new TPMs to the tail of the list to prevent inadvertent change of dev
David Howells [Fri, 29 Aug 2014 09:33:02 +0000 (10:33 +0100)]
TPM: Add new TPMs to the tail of the list to prevent inadvertent change of dev

Add newly registered TPMs to the tail of the list, not the beginning, so that
things that are specifying TPM_ANY_NUM don't find that the device they're
using has inadvertently changed.  Adding a second device would break IMA, for
instance.

Cc: stable@vger.kernel.org
Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
Signed-off-by: Peter Huewe <peterhuewe@gmx.de>
9 years agoMerge tag 'keys-next-fixes-20150114' of git://git.kernel.org/pub/scm/linux/kernel...
James Morris [Thu, 15 Jan 2015 00:30:54 +0000 (11:30 +1100)]
Merge tag 'keys-next-fixes-20150114' of git://git./linux/kernel/git/dhowells/linux-fs into next

9 years agoMerge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
Linus Torvalds [Wed, 14 Jan 2015 22:17:37 +0000 (11:17 +1300)]
Merge git://git./linux/kernel/git/davem/net

Pull networking fixes from David Miller:

 1) Don't use uninitialized data in IPVS, from Dan Carpenter.

 2) conntrack race fixes from Pablo Neira Ayuso.

 3) Fix TX hangs with i40e, from Jesse Brandeburg.

 4) Fix budget return from poll calls in dnet and alx, from Eric
    Dumazet.

 5) Fix bugus "if (unlikely(x) < 0)" test in AF_PACKET, from Christoph
    Jaeger.

 6) Fix bug introduced by conversion to list_head in TIPC retransmit
    code, from Jon Paul Maloy.

 7) Don't use GFP_NOIO under spinlock in USB kaweth driver, from Alexey
    Khoroshilov.

 8) Fix bridge build with INET disabled, from Arnd Bergmann.

 9) Fix netlink array overrun for PROBE attributes in openvswitch, from
    Thomas Graf.

10) Don't hold spinlock across synchronize_irq() in tg3 driver, from
    Prashant Sreedharan.

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (44 commits)
  tg3: Release tp->lock before invoking synchronize_irq()
  tg3: tg3_reset_task() needs to use rtnl_lock to synchronize
  tg3: tg3_timer() should grab tp->lock before checking for tp->irq_sync
  team: avoid possible underflow of count_pending value for notify_peers and mcast_rejoin
  openvswitch: packet messages need their own probe attribtue
  i40e: adds FCoE configure option
  cxgb4vf: Fix queue allocation for 40G adapter
  netdevice: Add missing parentheses in macro
  bridge: only provide proxy ARP when CONFIG_INET is enabled
  neighbour: fix base_reachable_time(_ms) not effective immediatly when changed
  net: fec: fix MDIO bus assignement for dual fec SoC's
  xen-netfront: use different locks for Rx and Tx stats
  drivers: net: cpsw: fix multicast flush in dual emac mode
  cxgb4vf: Initialize mdio_addr before using it
  net: Corrected the comment describing the ndo operations to reflect the actual prototype for couple of operations
  usb/kaweth: use GFP_ATOMIC under spin_lock in usb_start_wait_urb()
  MAINTAINERS: add me as ibmveth maintainer
  tipc: fix bug in broadcast retransmit code
  update ip-sysctl.txt documentation (v2)
  net/at91_ether: prepare and unprepare clock
  ...

9 years agoMerge branch 'tg3-net'
David S. Miller [Wed, 14 Jan 2015 22:05:55 +0000 (17:05 -0500)]
Merge branch 'tg3-net'

Prashant Sreedharan says:

====================
tg3: synchronize_irq() should be called without taking locks

v2: Added Reported-by, Tested-by fields and reference to the thread that
    reported the problem

This series addresses the problem reported by Peter Hurley in mail thread
https://lkml.org/lkml/2015/1/12/1082
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agotg3: Release tp->lock before invoking synchronize_irq()
Prashant Sreedharan [Wed, 14 Jan 2015 19:34:44 +0000 (11:34 -0800)]
tg3: Release tp->lock before invoking synchronize_irq()

synchronize_irq() can sleep waiting, for pending IRQ handlers so driver
should release the tp->lock spin lock before invoking synchronize_irq()

Reported-by: Peter Hurley <peter@hurleysoftware.com>
Tested-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Prashant Sreedharan <prashant@broadcom.com>
Signed-off-by: Michael Chan <mchan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agotg3: tg3_reset_task() needs to use rtnl_lock to synchronize
Prashant Sreedharan [Wed, 14 Jan 2015 19:34:17 +0000 (11:34 -0800)]
tg3: tg3_reset_task() needs to use rtnl_lock to synchronize

Currently tg3_reset_task() uses only tp->lock for synchronizing with code
paths like tg3_open() etc. But since tp->lock is released before doing
synchronize_irq(), rtnl_lock should be taken in tg3_reset_task() to
synchronize it with other code paths.

Reported-by: Peter Hurley <peter@hurleysoftware.com>
Tested-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Prashant Sreedharan <prashant@broadcom.com>
Signed-off-by: Michael Chan <mchan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agotg3: tg3_timer() should grab tp->lock before checking for tp->irq_sync
Prashant Sreedharan [Wed, 14 Jan 2015 19:33:49 +0000 (11:33 -0800)]
tg3: tg3_timer() should grab tp->lock before checking for tp->irq_sync

This is to avoid the race between tg3_timer() and the execution paths
which does not invoke tg3_timer_stop() and releases tp->lock before
calling synchronize_irq()

Reported-by: Peter Hurley <peter@hurleysoftware.com>
Tested-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Prashant Sreedharan <prashant@broadcom.com>
Signed-off-by: Michael Chan <mchan@broadcom.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agoMerge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm
Linus Torvalds [Wed, 14 Jan 2015 21:54:30 +0000 (10:54 +1300)]
Merge tag 'for-linus' of git://git./virt/kvm/kvm

Pull kvm fixes from Paolo Bonzini:
 "Two bugfixes for arm64.  I will have another pull request next week,
  but otherwise things are calm"

* tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
  arm64: KVM: Fix HCR setting for 32bit guests
  arm64: KVM: Fix TLB invalidation by IPA/VMID

9 years agoteam: avoid possible underflow of count_pending value for notify_peers and mcast_rejoin
Jiri Pirko [Wed, 14 Jan 2015 17:15:30 +0000 (18:15 +0100)]
team: avoid possible underflow of count_pending value for notify_peers and mcast_rejoin

This patch is fixing a race condition that may cause setting
count_pending to -1, which results in unwanted big bulk of arp messages
(in case of "notify peers").

Consider following scenario:

count_pending == 2
   CPU0                                           CPU1
team_notify_peers_work
  atomic_dec_and_test (dec count_pending to 1)
  schedule_delayed_work
 team_notify_peers
   atomic_add (adding 1 to count_pending)
team_notify_peers_work
  atomic_dec_and_test (dec count_pending to 1)
  schedule_delayed_work
team_notify_peers_work
  atomic_dec_and_test (dec count_pending to 0)
   schedule_delayed_work
team_notify_peers_work
  atomic_dec_and_test (dec count_pending to -1)

Fix this race by using atomic_dec_if_positive - that will prevent
count_pending running under 0.

Fixes: fc423ff00df3a1955441 ("team: add peer notification")
Fixes: 492b200efdd20b8fcfd ("team: add support for sending multicast rejoins")
Signed-off-by: Jiri Pirko <jiri@resnulli.us>
Signed-off-by: Jiri Benc <jbenc@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agoMerge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux
Linus Torvalds [Wed, 14 Jan 2015 21:50:29 +0000 (10:50 +1300)]
Merge branch 'for-linus' of git://git./linux/kernel/git/s390/linux

Pull s390 fixes from Martin Schwidefsky:
 "Two small performance tweaks, the plumbing for the execveat system
  call and a couple of bug fixes"

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
  s390/uprobes: fix user space PER events
  s390/bpf: Fix JMP_JGE_X (A > X) and JMP_JGT_X (A >= X)
  s390/bpf: Fix ALU_NEG (A = -A)
  s390/mm: avoid using pmd_to_page for !USE_SPLIT_PMD_PTLOCKS
  s390/timex: fix get_tod_clock_ext() inline assembly
  s390: wire up execveat syscall
  s390/kernel: use stnsm 255 instead of stosm 0
  s390/vtime: Get rid of redundant WARN_ON
  s390/zcrypt: kernel oops at insmod of the z90crypt device driver

9 years agoopenvswitch: packet messages need their own probe attribtue
Thomas Graf [Wed, 14 Jan 2015 13:56:19 +0000 (13:56 +0000)]
openvswitch: packet messages need their own probe attribtue

User space is currently sending a OVS_FLOW_ATTR_PROBE for both flow
and packet messages. This leads to an out-of-bounds access in
ovs_packet_cmd_execute() because OVS_FLOW_ATTR_PROBE >
OVS_PACKET_ATTR_MAX.

Introduce a new OVS_PACKET_ATTR_PROBE with the same numeric value
as OVS_FLOW_ATTR_PROBE to grow the range of accepted packet attributes
while maintaining to be binary compatible with existing OVS binaries.

Fixes: 05da589 ("openvswitch: Add support for OVS_FLOW_ATTR_PROBE.")
Reported-by: Sander Eikelenboom <linux@eikelenboom.it>
Tracked-down-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Thomas Graf <tgraf@suug.ch>
Reviewed-by: Jesse Gross <jesse@nicira.com>
Acked-by: Pravin B Shelar <pshelar@nicira.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agoi40e: adds FCoE configure option
Vasu Dev [Wed, 14 Jan 2015 13:14:07 +0000 (05:14 -0800)]
i40e: adds FCoE configure option

Adds FCoE config option I40E_FCOE, so that FCoE can be enabled
as needed but otherwise have it disabled by default.

This also eliminate multiple FCoE config checks, instead now just
one config check for CONFIG_I40E_FCOE.

The I40E FCoE was added with 3.17 kernel and therefore this patch
shall be applied to stable 3.17 kernel also.

CC: <stable@vger.kernel.org>
Signed-off-by: Vasu Dev <vasu.dev@intel.com>
Tested-by: Jim Young <jamesx.m.young@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agocxgb4vf: Fix queue allocation for 40G adapter
Hariprasad Shenai [Wed, 14 Jan 2015 12:28:10 +0000 (17:58 +0530)]
cxgb4vf: Fix queue allocation for 40G adapter

Signed-off-by: Hariprasad Shenai <hariprasad@chelsio.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agoMerge tag 'locks-v3.19-1' of git://git.samba.org/jlayton/linux
Linus Torvalds [Wed, 14 Jan 2015 21:38:07 +0000 (10:38 +1300)]
Merge tag 'locks-v3.19-1' of git://git.samba.org/jlayton/linux

Pull file locking fix from Jeff Layton:
 "Just a simple bugfix for a regression that I introduced into v3.18
  with the internal lease API overhaul -- mea culpa.  Kudos to Linda and
  Neil for tracking this down and fixing it"

* tag 'locks-v3.19-1' of git://git.samba.org/jlayton/linux:
  locks: fix NULL-deref in generic_delete_lease

9 years agonetdevice: Add missing parentheses in macro
Benjamin Poirier [Wed, 14 Jan 2015 07:52:35 +0000 (16:52 +0900)]
netdevice: Add missing parentheses in macro

For example, one could conceivably call
for_each_netdev_in_bond_rcu(condition ? bond1 : bond2, slave)
and get an unexpected result.

Signed-off-by: Benjamin Poirier <bpoirier@suse.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agoMerge branch 'for-linus' of git://git.kernel.dk/linux-block
Linus Torvalds [Wed, 14 Jan 2015 21:27:56 +0000 (10:27 +1300)]
Merge branch 'for-linus' of git://git.kernel.dk/linux-block

Pull block layer fixes from Jens Axboe:
 "The major part is an update to the NVMe driver, fixing various issues
  around surprise removal and hung controllers.  Most of that is from
  Keith, and parts are simple blk-mq fixes or exports/additions of minor
  functions to aid this effort, and parts are changes directly to the
  NVMe driver.

  Apart from the above, this contains:

   - Small blk-mq change from me, killing an unused member of the
     hardware queue structure.

   - Small fix from Ming Lei, fixing up a few drivers that didn't
     properly check for ERR_PTR() returns from blk_mq_init_queue()"

* 'for-linus' of git://git.kernel.dk/linux-block:
  NVMe: Fix locking on abort handling
  NVMe: Start and stop h/w queues on reset
  NVMe: Command abort handling fixes
  NVMe: Admin queue removal handling
  NVMe: Reference count admin queue usage
  NVMe: Start all requests
  blk-mq: End unstarted requests on a dying queue
  blk-mq: Allow requests to never expire
  blk-mq: Add helper to abort requeued requests
  blk-mq: Let drivers cancel requeue_work
  blk-mq: Export if requests were started
  blk-mq: Wake tasks entering queue on dying
  blk-mq: get rid of ->cmd_size in the hardware queue
  block: fix checking return value of blk_mq_init_queue
  block: wake up waiters when a queue is marked dying
  NVMe: Fix double free irq
  blk-mq: Export freeze/unfreeze functions
  blk-mq: Exit queue on alloc failure

9 years agobridge: only provide proxy ARP when CONFIG_INET is enabled
Arnd Bergmann [Tue, 13 Jan 2015 14:10:27 +0000 (15:10 +0100)]
bridge: only provide proxy ARP when CONFIG_INET is enabled

When IPV4 support is disabled, we cannot call arp_send from
the bridge code, which would result in a kernel link error:

net/built-in.o: In function `br_handle_frame_finish':
:(.text+0x59914): undefined reference to `arp_send'
:(.text+0x59a50): undefined reference to `arp_tbl'

This makes the newly added proxy ARP support in the bridge
code depend on the CONFIG_INET symbol and lets the compiler
optimize the code out to avoid the link error.

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Fixes: 958501163ddd ("bridge: Add support for IEEE 802.11 Proxy ARP")
Cc: Kyeyoon Park <kyeyoonp@codeaurora.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agoMPILIB: Fix comparison of negative MPIs
Rasmus Villemoes [Wed, 14 Jan 2015 16:10:12 +0000 (16:10 +0000)]
MPILIB: Fix comparison of negative MPIs

If u and v both represent negative integers and their limb counts
happen to differ, mpi_cmp will always return a positive value - this
is obviously bogus. u is smaller than v if and only if it is larger in
absolute value.

Signed-off-by: Rasmus Villemoes <linux@rasmusvillemoes.dk>
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Dmitry Kasatkin <dmitry.kasatkin@gmail.com>
9 years agoMPILIB: Fix obvious but harmless typo
Rasmus Villemoes [Wed, 14 Jan 2015 15:16:00 +0000 (15:16 +0000)]
MPILIB: Fix obvious but harmless typo

The macro MPN_COPY_INCR this occurs in isn't used anywhere.

Signed-off-by: Rasmus Villemoes <linux@rasmusvillemoes.dk>
Signed-off-by: David Howells <dhowells@redhat.com>
9 years agoMPILIB: Deobfuscate mpi_cmp
Rasmus Villemoes [Wed, 14 Jan 2015 15:15:57 +0000 (15:15 +0000)]
MPILIB: Deobfuscate mpi_cmp

The condition preceding 'return 1;' makes my head hurt. At this point,
we know that u and v have the same sign; if they are negative, they
compare opposite to how their absolute values compare (which
mpihelp_cmp found for us), otherwise cmp itself is the
answer. Negating cmp is ok since mpihelp_cmp returns {-1,0,1};
-INT_MIN==INT_MIN won't bite us.

Signed-off-by: Rasmus Villemoes <linux@rasmusvillemoes.dk>
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Dmitry Kasatkin <dmitry.kasatkin@gmail.com>
9 years agoneighbour: fix base_reachable_time(_ms) not effective immediatly when changed
Jean-Francois Remy [Wed, 14 Jan 2015 03:22:39 +0000 (04:22 +0100)]
neighbour: fix base_reachable_time(_ms) not effective immediatly when changed

When setting base_reachable_time or base_reachable_time_ms on a
specific interface through sysctl or netlink, the reachable_time
value is not updated.

This means that neighbour entries will continue to be updated using the
old value until it is recomputed in neigh_period_work (which
    recomputes the value every 300*HZ).
On systems with HZ equal to 1000 for instance, it means 5mins before
the change is effective.

This patch changes this behavior by recomputing reachable_time after
each set on base_reachable_time or base_reachable_time_ms.
The new value will become effective the next time the neighbour's timer
is triggered.

Changes are made in two places: the netlink code for set and the sysctl
handling code. For sysctl, I use a proc_handler. The ipv6 network
code does provide its own handler but it already refreshes
reachable_time correctly so it's not an issue.
Any other user of neighbour which provide its own handlers must
refresh reachable_time.

Signed-off-by: Jean-Francois Remy <jeff@melix.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agonet: fec: fix MDIO bus assignement for dual fec SoC's
Stefan Agner [Tue, 13 Jan 2015 23:20:21 +0000 (00:20 +0100)]
net: fec: fix MDIO bus assignement for dual fec SoC's

On i.MX28, the MDIO bus is shared between the two FEC instances.
The driver makes sure that the second FEC uses the MDIO bus of the
first FEC. This is done conditionally if FEC_QUIRK_ENET_MAC is set.
However, in newer designs, such as Vybrid or i.MX6SX, each FEC MAC
has its own MDIO bus. Simply removing the quirk FEC_QUIRK_ENET_MAC
is not an option since other logic, triggered by this quirk, is
still needed.

Furthermore, there are board designs which use the same MDIO bus
for both PHY's even though the second bus would be available on the
SoC side. Such layout are popular since it saves pins on SoC side.
Due to the above quirk, those boards currently do work fine. The
boards in the mainline tree with such a layout are:
- Freescale Vybrid Tower with TWR-SER2 (vf610-twr.dts)
- Freescale i.MX6 SoloX SDB Board (imx6sx-sdb.dts)

This patch adds a new quirk FEC_QUIRK_SINGLE_MDIO for i.MX28, which
makes sure that the MDIO bus of the first FEC is used in any case.

However, the boards above do have a SoC with a MDIO bus for each FEC
instance. But the PHY's are not connected in a 1:1 configuration. A
proper device tree description is needed to allow the driver to
figure out where to find its PHY. This patch fixes that shortcoming
by adding a MDIO bus child node to the first FEC instance, along
with the two PHY's on that bus, and making use of the phy-handle
property to add a reference to the PHY's.

Acked-by: Sascha Hauer <s.hauer@pengutronix.de>
Signed-off-by: Stefan Agner <stefan@agner.ch>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agoMerge branch 'leds-fixes-for-3.19' of git://git.kernel.org/pub/scm/linux/kernel/git...
Linus Torvalds [Tue, 13 Jan 2015 23:22:56 +0000 (12:22 +1300)]
Merge branch 'leds-fixes-for-3.19' of git://git./linux/kernel/git/cooloney/linux-leds

Pull LED fix from Bryan Wu.

* 'leds-fixes-for-3.19' of git://git.kernel.org/pub/scm/linux/kernel/git/cooloney/linux-leds:
  leds: netxbig: fix oops at probe time

9 years agoMerge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/borntraeger...
Linus Torvalds [Tue, 13 Jan 2015 22:54:12 +0000 (11:54 +1300)]
Merge tag 'for-linus' of git://git./linux/kernel/git/borntraeger/linux

Pull WRITE_ONCE argument order change from Christian Borntraeger:
 "As discussed on LKML[1] it was agreed that WRITE_ONCE(x, val) is
  better than ASSIGN_ONCE(val, x)

  Lets change that for 3.19 as 3.19 has no user yet, but the first users
  will hit linux-next soon"

[1] http://marc.info/?l=linux-kernel&m=142081181707596

* tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/borntraeger/linux:
  kernel: Change ASSIGN_ONCE(val, x) to WRITE_ONCE(x, val)

9 years agoxen-netfront: use different locks for Rx and Tx stats
David Vrabel [Tue, 13 Jan 2015 16:42:42 +0000 (16:42 +0000)]
xen-netfront: use different locks for Rx and Tx stats

In netfront the Rx and Tx path are independent and use different
locks.  The Tx lock is held with hard irqs disabled, but Rx lock is
held with only BH disabled.  Since both sides use the same stats lock,
a deadlock may occur.

  [ INFO: possible irq lock inversion dependency detected ]
  3.16.2 #16 Not tainted
  ---------------------------------------------------------
  swapper/0/0 just changed the state of lock:
   (&(&queue->tx_lock)->rlock){-.....}, at: [<c03adec8>]
  xennet_tx_interrupt+0x14/0x34
  but this lock took another, HARDIRQ-unsafe lock in the past:
   (&stat->syncp.seq#2){+.-...}
  and interrupts could create inverse lock ordering between them.
  other info that might help us debug this:
   Possible interrupt unsafe locking scenario:

         CPU0                    CPU1
         ----                    ----
    lock(&stat->syncp.seq#2);
                                 local_irq_disable();
                                 lock(&(&queue->tx_lock)->rlock);
                                 lock(&stat->syncp.seq#2);
    <Interrupt>
      lock(&(&queue->tx_lock)->rlock);

Using separate locks for the Rx and Tx stats fixes this deadlock.

Reported-by: Dmitry Piotrovsky <piotrovskydmitry@gmail.com>
Signed-off-by: David Vrabel <david.vrabel@citrix.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agodrivers: net: cpsw: fix multicast flush in dual emac mode
Mugunthan V N [Tue, 13 Jan 2015 12:05:49 +0000 (17:35 +0530)]
drivers: net: cpsw: fix multicast flush in dual emac mode

Since ALE table is a common resource for both the interfaces in Dual EMAC
mode and while bringing up the second interface in cpsw_ndo_set_rx_mode()
all the multicast entries added by the first interface is flushed out and
only second interface multicast addresses are added. Fixing this by
flushing multicast addresses based on dual EMAC port vlans which will not
affect the other emac port multicast addresses.

Fixes: d9ba8f9 (driver: net: ethernet: cpsw: dual emac interface implementation)
Cc: <stable@vger.kernel.org> # v3.9+
Signed-off-by: Mugunthan V N <mugunthanvnm@ti.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agoleds: netxbig: fix oops at probe time
Simon Guinot [Tue, 2 Dec 2014 15:32:10 +0000 (07:32 -0800)]
leds: netxbig: fix oops at probe time

This patch fixes a NULL pointer dereference on led_dat->mode_val. Due to
this bug, a kernel oops can be observed at probe time on the LaCie 2Big
and 5Big v2 boards:

Unable to handle kernel NULL pointer dereference at virtual address 00000008
[...]
[<c03f244c>] (netxbig_led_probe) from [<c02c8c6c>] (platform_drv_probe+0x4c/0x9c)
[<c02c8c6c>] (platform_drv_probe) from [<c02c72d0>] (driver_probe_device+0x98/0x25c)
[<c02c72d0>] (driver_probe_device) from [<c02c7520>] (__driver_attach+0x8c/0x90)
[<c02c7520>] (__driver_attach) from [<c02c5c24>] (bus_for_each_dev+0x68/0x94)
[<c02c5c24>] (bus_for_each_dev) from [<c02c6408>] (bus_add_driver+0x124/0x1dc)
[<c02c6408>] (bus_add_driver) from [<c02c7ac0>] (driver_register+0x78/0xf8)
[<c02c7ac0>] (driver_register) from [<c000888c>] (do_one_initcall+0x80/0x1cc)
[<c000888c>] (do_one_initcall) from [<c0733618>] (kernel_init_freeable+0xe4/0x1b4)
[<c0733618>] (kernel_init_freeable) from [<c058db9c>] (kernel_init+0xc/0xec)
[<c058db9c>] (kernel_init) from [<c0009850>] (ret_from_fork+0x14/0x24)
[...]

This bug was introduced by commit 588a6a99286ae30afb1339d8bc2163517b1b7dd1
("leds: netxbig: fix attribute-creation race").

Signed-off-by: Simon Guinot <simon.guinot@sequanux.org>
Cc: <stable@vger.kernel.org> # 3.17+
Acked-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Bryan Wu <cooloney@gmail.com>
9 years agocxgb4vf: Initialize mdio_addr before using it
Hariprasad Shenai [Mon, 12 Jan 2015 16:36:16 +0000 (22:06 +0530)]
cxgb4vf: Initialize mdio_addr before using it

In commit 5ad24def21b205a8 ("cxgb4vf: Fix ethtool get_settings for VF driver")
mdio_addr of port_info structure was used unininitialzed. Fixing it.

Signed-off-by: Hariprasad Shenai <hariprasad@chelsio.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agokernel: Change ASSIGN_ONCE(val, x) to WRITE_ONCE(x, val)
Christian Borntraeger [Tue, 13 Jan 2015 09:46:42 +0000 (10:46 +0100)]
kernel: Change ASSIGN_ONCE(val, x) to WRITE_ONCE(x, val)

Feedback has shown that WRITE_ONCE(x, val) is easier to use than
ASSIGN_ONCE(val,x).
There are no in-tree users yet, so lets change it for 3.19.

Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Acked-by: Peter Zijlstra <peterz@infradead.org>
Acked-by: Davidlohr Bueso <dave@stgolabs.net>
Acked-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
9 years agoMerge tag 'linux-kselftest-3.19-rc-5' of git://git.kernel.org/pub/scm/linux/kernel...
Linus Torvalds [Tue, 13 Jan 2015 19:09:14 +0000 (08:09 +1300)]
Merge tag 'linux-kselftest-3.19-rc-5' of git://git./linux/kernel/git/shuah/linux-kselftest

Pull kselftest fixes from Shuah Khan:
 "This update contains three patches to fix one compile error, and two
  run-time bugs.  One of them fixes infinite loop on ARM"

* tag 'linux-kselftest-3.19-rc-5' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest:
  selftests/vm: fix link error for transhuge-stress test
  tools: testing: selftests: mq_perf_tests: Fix infinite loop on ARM
  selftests/exec: allow shell return code of 126

9 years agoMerge tag 'stable/for-linus-3.19-rc4-tag' of git://git.kernel.org/pub/scm/linux/kerne...
Linus Torvalds [Tue, 13 Jan 2015 19:07:42 +0000 (08:07 +1300)]
Merge tag 'stable/for-linus-3.19-rc4-tag' of git://git./linux/kernel/git/xen/tip

Pull xen bug fixes from David Vrabel:
 "Several critical linear p2m fixes that prevented some hosts from
  booting"

* tag 'stable/for-linus-3.19-rc4-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip:
  x86/xen: properly retrieve NMI reason
  xen: check for zero sized area when invalidating memory
  xen: use correct type for physical addresses
  xen: correct race in alloc_p2m_pmd()
  xen: correct error for building p2m list on 32 bits
  x86/xen: avoid freeing static 'name' when kasprintf() fails
  x86/xen: add extra memory for remapped frames during setup
  x86/xen: don't count how many PFNs are identity mapped
  x86/xen: Free bootmem in free_p2m_page() during early boot
  x86/xen: Remove unnecessary BUG_ON(preemptible()) in xen_setup_timer()

9 years agonet: Corrected the comment describing the ndo operations to reflect the actual protot...
B Viswanath [Mon, 12 Jan 2015 09:16:25 +0000 (14:46 +0530)]
net: Corrected the comment describing the ndo operations to reflect the actual prototype for couple of operations

Corrected the comment describing the ndo operations to
reflect the actual prototype for couple of operations

Signed-off-by: B Viswanath <marichika4@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agoMerge branch 'for-rc' of git://git.kernel.org/pub/scm/linux/kernel/git/rzhang/linux
Linus Torvalds [Tue, 13 Jan 2015 18:53:51 +0000 (07:53 +1300)]
Merge branch 'for-rc' of git://git./linux/kernel/git/rzhang/linux

Pull thermal management fixes from Zhang Rui:
 "Specifics:

   - Fix a problem that Intel SoC DTS thermal driver does not work when
     CONFIG_THERMAL_INT340X is not set.

   - Fix a NULL pointer dereference when processor_thermal_device driver
     is loaded on a platform without ACPI support"

* 'for-rc' of git://git.kernel.org/pub/scm/linux/kernel/git/rzhang/linux:
  int340x_thermal/processor_thermal_device: return failure when
  ACPI/int340x_thermal: enumerate INT3401 for Intel SoC DTS thermal driver
  ACPI/int340x_thermal: enumerate INT340X devices even if they're not in _ART/_TRT

9 years agolocks: fix NULL-deref in generic_delete_lease
NeilBrown [Tue, 13 Jan 2015 02:17:43 +0000 (15:17 +1300)]
locks: fix NULL-deref in generic_delete_lease

commit 0efaa7e82f02fe69c05ad28e905f31fc86e6f08e
  locks: generic_delete_lease doesn't need a file_lock at all

moves the call to fl->fl_lmops->lm_change() to a place in the
code where fl might be a non-lease lock.
When that happens, fl_lmops is NULL and an Oops ensures.

So add an extra test to restore correct functioning.

Reported-by: Linda Walsh <suse@tlinx.org>
Link: https://bugzilla.suse.com/show_bug.cgi?id=912569
Cc: stable@vger.kernel.org (v3.18)
Fixes: 0efaa7e82f02fe69c05ad28e905f31fc86e6f08e
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Jeff Layton <jlayton@primarydata.com>
9 years agox86/xen: properly retrieve NMI reason
Jan Beulich [Tue, 13 Jan 2015 07:40:05 +0000 (07:40 +0000)]
x86/xen: properly retrieve NMI reason

Using the native code here can't work properly, as the hypervisor would
normally have cleared the two reason bits by the time Dom0 gets to see
the NMI (if passed to it at all). There's a shared info field for this,
and there's an existing hook to use - just fit the two together. This
is particularly relevant so that NMIs intended to be handled by APEI /
GHES actually make it to the respective handler.

Note that the hook can (and should) be used irrespective of whether
being in Dom0, as accessing port 0x61 in a DomU would be even worse,
while the shared info field would just hold zero all the time. Note
further that hardware NMI handling for PVH doesn't currently work
anyway due to missing code in the hypervisor (but it is expected to
work the native rather than the PV way).

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Signed-off-by: David Vrabel <david.vrabel@citrix.com>
9 years agoMerge tag 'gpio-v3.19-3' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw...
Linus Torvalds [Tue, 13 Jan 2015 02:29:42 +0000 (15:29 +1300)]
Merge tag 'gpio-v3.19-3' of git://git./linux/kernel/git/linusw/linux-gpio

Pull gpio fixes from Linus Walleij:
 "Here are some GPIO fixes, mainly affecting the DLN2 IRQ handling.
  Nothing special about them, just fixes:

   - Three patches fixing IRQ handling for the DLN2
   - Null pointer handling for grgpio"

* tag 'gpio-v3.19-3' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio:
  gpio: dln2: use bus_sync_unlock instead of scheduling work
  gpio: grgpio: Avoid potential NULL pointer dereference
  gpio: dln2: Fix gpio output value in dln2_gpio_direction_output()
  gpio: dln2: fix issue when an IRQ is unmasked then enabled

9 years agoMerge tag 'mmc-v3.19-3' of git://git.linaro.org/people/ulf.hansson/mmc
Linus Torvalds [Tue, 13 Jan 2015 02:25:23 +0000 (15:25 +1300)]
Merge tag 'mmc-v3.19-3' of git://git.linaro.org/people/ulf.hansson/mmc

Pull MMC fixes from Ulf Hansson:
 "MMC host:
   - sdhci-pci|acpi: Support some new IDs
   - sdhci: Fix sleep from atomic context
   - sdhci-pxav3: Prevent hang during ->probe()
   - sdhci: Disable re-tuning for HS400"

* tag 'mmc-v3.19-3' of git://git.linaro.org/people/ulf.hansson/mmc:
  mmc: sdhci-pci: Add support for Intel SPT
  mmc: sdhci-acpi: Add ACPI HID INT344D
  mmc: sdhci: Fix sleep in atomic after inserting SD card
  mmc: sdhci-pxav3: do the mbus window configuration after enabling clocks
  mmc: sdhci: Disable re-tuning for HS400
  mmc: sdhci: Simplify use of tuning timer
  mmc: sdhci: Add out_unlock to sdhci_execute_tuning
  mmc: sdhci: Tuning should not change max_blk_count

9 years agoMerge git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending
Linus Torvalds [Tue, 13 Jan 2015 02:23:26 +0000 (15:23 +1300)]
Merge git://git./linux/kernel/git/nab/target-pending

Pull scsi target fixes from Nicholas Bellinger:
 "Mostly minor fixes this time, including:

   - Add missing virtio-scsi -> TCM attribute conversion in vhost-scsi.
   - Fix persistent reservations write exclusive handling to allow
     readers for all registered I_T nexuses.
   - Drop arbitrary maximum I/O size limit in order to process I/Os
     larger than 4 MB, required for initiators that don't honor block
     limits EVPD.
   - Drop the now left-over fabric_max_sectors attribute"

* git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending:
  iscsi-target: Fix typos in enum cmd_flags_table
  MAINTAINERS: Add entry for iSER target driver
  target: Allow Write Exclusive non-reservation holders to READ
  target: Drop left-over fabric_max_sectors attribute
  target: Drop arbitrary maximum I/O size limit
  Documentation/target: Update fabric_ops to latest code
  vhost-scsi: Add missing virtio-scsi -> TCM attribute conversion

9 years agomm: mmu_gather: use tlb->end != 0 only for TLB invalidation
Will Deacon [Mon, 12 Jan 2015 19:10:55 +0000 (19:10 +0000)]
mm: mmu_gather: use tlb->end != 0 only for TLB invalidation

When batching up address ranges for TLB invalidation, we check tlb->end
!= 0 to indicate that some pages have actually been unmapped.

As of commit f045bbb9fa1b ("mmu_gather: fix over-eager
tlb_flush_mmu_free() calling"), we use the same check for freeing these
pages in order to avoid a performance regression where we call
free_pages_and_swap_cache even when no pages are actually queued up.

Unfortunately, the range could have been reset (tlb->end = 0) by
tlb_end_vma, which has been shown to cause memory leaks on arm64.
Furthermore, investigation into these leaks revealed that the fullmm
case on task exit no longer invalidates the TLB, by virtue of tlb->end
 == 0 (in 3.18, need_flush would have been set).

This patch resolves the problem by reverting commit f045bbb9fa1b, using
instead tlb->local.nr as the predicate for page freeing in
tlb_flush_mmu_free and ensuring that tlb->end is initialised to a
non-zero value in the fullmm case.

Tested-by: Mark Langsdorf <mlangsdo@redhat.com>
Tested-by: Dave Hansen <dave@sr71.net>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
9 years agousb/kaweth: use GFP_ATOMIC under spin_lock in usb_start_wait_urb()
Alexey Khoroshilov [Fri, 9 Jan 2015 23:16:22 +0000 (02:16 +0300)]
usb/kaweth: use GFP_ATOMIC under spin_lock in usb_start_wait_urb()

Commit e4c7f259c5be ("USB: kaweth.c: use GFP_ATOMIC under spin_lock")
makes sure that kaweth_internal_control_msg() allocates memory with GFP_ATOMIC,
but kaweth_internal_control_msg() also calls usb_start_wait_urb()
that still allocates memory with GFP_NOIO.

The patch fixes usb_start_wait_urb() as well.

Found by Linux Driver Verification project (linuxtesting.org).

Signed-off-by: Alexey Khoroshilov <khoroshilov@ispras.ru>
Acked-by: Oliver Neukum <oliver@neukum.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agoMAINTAINERS: add me as ibmveth maintainer
Thomas Falcon [Fri, 9 Jan 2015 20:29:40 +0000 (14:29 -0600)]
MAINTAINERS: add me as ibmveth maintainer

Adding myself as the ibmveth maintainer and replacing
Santiago Leon.

Signed-off-by: Thomas Falcon <tlfalcon@linux.vnet.ibm.com>
Cc: Santiago Leon <santi_leon@yahoo.com>
Cc: Brian King <brking@linux.vnet.ibm.com>
Cc: Nathan Fontenot <nfont@linux.vnet.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agotipc: fix bug in broadcast retransmit code
Jon Paul Maloy [Thu, 8 Jan 2015 17:27:27 +0000 (12:27 -0500)]
tipc: fix bug in broadcast retransmit code

In commit 58dc55f25631178ee74cd27185956a8f7dcb3e32 ("tipc: use generic
SKB list APIs to manage link transmission queue") we replace all list
traversal loops with the macros skb_queue_walk() or
skb_queue_walk_safe(). While the previous loops were based on the
assumption that the list was NULL-terminated, the standard macros
stop when the iterator reaches the list head, which is non-NULL.

In the function bclink_retransmit_pkt() this macro replacement has
lead to a bug. When we receive a BCAST STATE_MSG we unconditionally
call the function bclink_retransmit_pkt(), whether there really is
anything to retransmit or not, assuming that the sequence number
comparisons will lead to the correct behavior. However, if the
transmission queue is empty, or if there are no eligible buffers in
the transmission queue, we will by mistake pass the list head pointer
to the function tipc_link_retransmit(). Since the list head is not a
valid sk_buff, this leads to a crash.

In this commit we fix this by only calling tipc_link_retransmit()
if we actually found eligible buffers in the transmission queue.

Reviewed-by: Ying Xue <ying.xue@windriver.com>
Signed-off-by: Jon Maloy <jon.maloy@ericsson.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agoupdate ip-sysctl.txt documentation (v2)
Ani Sinha [Wed, 7 Jan 2015 23:45:56 +0000 (15:45 -0800)]
update ip-sysctl.txt documentation (v2)

Update documentation to reflect the fact that
/proc/sys/net/ipv4/route/max_size is no longer used for ipv4.

Signed-off-by: Ani Sinha <ani@arista.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agonet/at91_ether: prepare and unprepare clock
Alexandre Belloni [Wed, 7 Jan 2015 22:59:26 +0000 (23:59 +0100)]
net/at91_ether: prepare and unprepare clock

The clock is enabled without being prepared, this leads to:

WARNING: CPU: 0 PID: 1 at drivers/clk/clk.c:889 __clk_enable+0x24/0xa8()

and a non working ethernet interface.

Use clk_prepare_enable() and clk_disable_unprepare() to handle the clock.

Signed-off-by: Alexandre Belloni <alexandre.belloni@free-electrons.com>
Acked-by: Boris Brezillon <boris.brezillon@free-electrons.com>
Acked-by: Nicolas Ferre <nicolas.ferre@atmel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agoisdn: fix NUL (\0 or \x00) specification in string
Giel van Schijndel [Wed, 7 Jan 2015 19:10:12 +0000 (20:10 +0100)]
isdn: fix NUL (\0 or \x00) specification in string

In C one can either use '\0' or '\x00' (or '\000') to add a NUL byte to
a string. '\0x00' isn't part of these and will in fact result in a
single NUL followed by "x00". This fixes that.

Signed-off-by: Giel van Schijndel <me@mortis.eu>
Reported-at: http://www.viva64.com/en/b/0299/
Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agoarm64: KVM: Fix HCR setting for 32bit guests
Marc Zyngier [Sun, 11 Jan 2015 13:10:11 +0000 (14:10 +0100)]
arm64: KVM: Fix HCR setting for 32bit guests

Commit b856a59141b1 (arm/arm64: KVM: Reset the HCR on each vcpu
when resetting the vcpu) moved the init of the HCR register to
happen later in the init of a vcpu, but left out the fixup
done in kvm_reset_vcpu when preparing for a 32bit guest.

As a result, the 32bit guest is run as a 64bit guest, but the
rest of the kernel still manages it as a 32bit. Fun follows.

Moving the fixup to vcpu_reset_hcr solves the problem for good.

Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 years agoarm64: KVM: Fix TLB invalidation by IPA/VMID
Marc Zyngier [Sun, 11 Jan 2015 13:10:10 +0000 (14:10 +0100)]
arm64: KVM: Fix TLB invalidation by IPA/VMID

It took about two years for someone to notice that the IPA passed
to TLBI IPAS2E1IS must be shifted by 12 bits. Clearly our reviewing
is not as good as it should be...

Paper bag time for me.

Reported-by: Mario Smarduch <m.smarduch@samsung.com>
Tested-by: Mario Smarduch <m.smarduch@samsung.com>
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
9 years agoxen: check for zero sized area when invalidating memory
Juergen Gross [Mon, 12 Jan 2015 05:05:10 +0000 (06:05 +0100)]
xen: check for zero sized area when invalidating memory

With the introduction of the linear mapped p2m list setting memory
areas to "invalid" had to be delayed. When doing the invalidation
make sure no zero sized areas are processed.

Signed-off-by: Juegren Gross <jgross@suse.com>
Signed-off-by: David Vrabel <david.vrabel@citrix.com>
9 years agoxen: use correct type for physical addresses
Juergen Gross [Mon, 12 Jan 2015 05:05:09 +0000 (06:05 +0100)]
xen: use correct type for physical addresses

When converting a pfn to a physical address be sure to use 64 bit
wide types or convert the physical address to a pfn if possible.

Signed-off-by: Juergen Gross <jgross@suse.com>
Tested-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Signed-off-by: David Vrabel <david.vrabel@citrix.com>
9 years agoxen: correct race in alloc_p2m_pmd()
Juergen Gross [Mon, 12 Jan 2015 05:05:08 +0000 (06:05 +0100)]
xen: correct race in alloc_p2m_pmd()

When allocating a new pmd for the linear mapped p2m list a check is
done for not introducing another pmd when this just happened on
another cpu. In this case the old pte pointer was returned which
points to the p2m_missing or p2m_identity page. The correct value
would be the pointer to the found new page.

Signed-off-by: Juergen Gross <jgross@suse.com>
Signed-off-by: David Vrabel <david.vrabel@citrix.com>
9 years agoxen: correct error for building p2m list on 32 bits
Juergen Gross [Mon, 12 Jan 2015 05:05:07 +0000 (06:05 +0100)]
xen: correct error for building p2m list on 32 bits

In xen_rebuild_p2m_list() for large areas of invalid or identity
mapped memory the pmd entries on 32 bit systems are initialized
wrong. Correct this error.

Suggested-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Signed-off-by: Juergen Gross <jgross@suse.com>
Signed-off-by: David Vrabel <david.vrabel@citrix.com>