Peter Hurley [Mon, 11 Jan 2016 04:23:56 +0000 (20:23 -0800)]
serial: core: Fold do_uart_get_info() into caller
do_uart_get_info() has a single caller: uart_get_info().
Manually inline do_uart_get_info().
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Peter Hurley [Mon, 11 Jan 2016 04:23:55 +0000 (20:23 -0800)]
serial: core: Fold __uart_put_char() into caller
uart_put_char() is the required interface; manually inline
__uart_put_char().
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Peter Hurley [Mon, 11 Jan 2016 04:36:15 +0000 (20:36 -0800)]
tty: Use termios c_*flag macros
Expressions of the form "tty->termios.c_*flag & FLAG"
are more clearly expressed with the termios flags macros,
I_FLAG(), C_FLAG(), O_FLAG(), and L_FLAG().
Convert treewide.
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Acked-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Peter Hurley [Mon, 11 Jan 2016 04:36:14 +0000 (20:36 -0800)]
tty: Allow unreadable mess to be > 80 chars
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Peter Hurley [Mon, 11 Jan 2016 04:36:13 +0000 (20:36 -0800)]
tty: Unify receive_buf() code paths
Instead of two distinct code branches for receive_buf() handling,
use tty_ldisc_receive_buf() as the single code path.
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Peter Hurley [Mon, 11 Jan 2016 04:36:12 +0000 (20:36 -0800)]
tty: Fix GPF in flush_to_ldisc(), part 2
commit
9ce119f318ba ("tty: Fix GPF in flush_to_ldisc()") fixed a
GPF caused by a line discipline which does not define a receive_buf()
method.
However, the vt driver (and speakup driver also) pushes selection
data directly to the line discipline receive_buf() method via
tty_ldisc_receive_buf(). Fix the same problem in tty_ldisc_receive_buf().
Cc: <stable@vger.kernel.org>
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Peter Hurley [Mon, 11 Jan 2016 04:36:11 +0000 (20:36 -0800)]
staging: dgap: Remove redundant write_wait wakeups
Waking the write_wait queue is exactly what tty_wakeup() does;
remove the open-coded wakeups.
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Peter Hurley [Mon, 11 Jan 2016 04:36:10 +0000 (20:36 -0800)]
ia64: Pin controlling tty for unaligned fault message
Prevent destruction of the controlling tty before tty_write_message()
can determine if the tty is safe to use.
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Peter Hurley [Mon, 11 Jan 2016 04:36:09 +0000 (20:36 -0800)]
n_tty: Ignore all read data when closing
On final port close (and thus final tty close), only output flow
control requests in the input data should be processed. Ignore all
other input data, including parity errors, overruns and breaks.
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Peter Hurley [Mon, 11 Jan 2016 04:36:08 +0000 (20:36 -0800)]
tty: rocket: Remove private close_wait
This driver's private completion variable, close_wait, is no longer
used for wait since "tty: Remove ASYNC_CLOSING checks in open()/hangup";
remove.
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Peter Hurley [Sun, 10 Jan 2016 22:39:36 +0000 (14:39 -0800)]
serial: 8250: Unfold < 80 char lines
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Peter Hurley [Sun, 10 Jan 2016 22:39:35 +0000 (14:39 -0800)]
serial: 8250: Wait for irq to complete before shutdown
After masking all interrupts, wait for the irq handler to complete
before continuing shutdown.
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Peter Hurley [Sun, 10 Jan 2016 22:39:34 +0000 (14:39 -0800)]
serial: 8250: Unlink uart console ptr if console setup fails
If console setup fails (eg., there is no valid port at that index),
unlink the console ptr; otherwise, when the driver unloads, the
console will be unregistered (even though setup, and thus registration,
failed) and a console disabled message will be printed.
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Peter Hurley [Sun, 10 Jan 2016 22:39:33 +0000 (14:39 -0800)]
serial: 8250: Remove low_latency workaround
The defunct low_latency input steering executed flush_to_ldisc()
directly from interrupt context so dropping the port lock was
necessary to avoid deadlock. That steering was removed by
commit
a9c3f68f3cd8d55f809fbdb0c138ed061ea1bd25
Author: Peter Hurley <peter@hurleysoftware.com>
Date: Sat Feb 22 07:31:21 2014 -0500
tty: Fix low_latency BUG
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Peter Hurley [Sun, 10 Jan 2016 22:39:32 +0000 (14:39 -0800)]
serial: 8250: Fix lost rx state
When max_count is reached, the rx loop exits. However, UART_LSR has
already been read so those char flags are lost, and subsequent rx
status will be for the wrong byte until the rx fifo drains.
Reported-by: George Spelvin <linux@horizon.com>
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Peter Hurley [Sun, 10 Jan 2016 22:39:31 +0000 (14:39 -0800)]
serial: 8250: Refactor serial8250_rx_chars() inner loop
Factor the read/process one char inner loop to a separate helper
function serial8250_read_char(). No functional change.
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Peter Hurley [Sun, 10 Jan 2016 05:45:14 +0000 (21:45 -0800)]
tty: n_tty: fix SIGIO for output
According to fcntl(2), "a SIGIO signal is sent whenever input
or output becomes possible on that file descriptor", i.e.
after the output buffer was full and now has space for new data.
But in fact SIGIO is sent after every write.
n_tty_write() should set TTY_DO_WRITE_WAKEUP only when
not all data could be written to the buffer.
[pjh: Also fixes missed SIGIO if amt written just happens to be
[ amount still to write
Signed-off-by: Johannes Stezenbach <js@sig21.net>
[pjh: minor patch edits and re-submit]
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Peter Hurley [Sun, 10 Jan 2016 05:45:13 +0000 (21:45 -0800)]
n_tty: Remove tty count checks from unthrottle
Since n_tty_check_unthrottle() is only called from n_tty_read()
which only originates from a userspace read(), the tty count cannot
be 0; the read() guarantees the file descriptor has not yet been
released.
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Peter Hurley [Sun, 10 Jan 2016 05:45:12 +0000 (21:45 -0800)]
n_tty: Fix stuck write wakeup
If signal-driven i/o is disabled while write wakeup is pending (ie.,
n_tty_write() has set TTY_DO_WRITE_WAKEUP but then signal-driven i/o
is disabled), the TTY_DO_WRITE_WAKEUP bit will never be cleared and
will cause tty_wakeup() to always call n_tty_write_wakeup.
Unconditionally clear the write wakeup, and since kill_fasync()
already checks if the fasync ptr is null, call kill_fasync()
unconditionally as well.
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Peter Hurley [Sun, 10 Jan 2016 05:45:11 +0000 (21:45 -0800)]
tty: Fix ioctl(FIOASYNC) on hungup file
A small race window exists which allows signal-driven async i/o to be
enabled for the tty when the file ptr has already been hungup and
signal-driven i/o has been disabled:
CPU 0 CPU 1
----- ------
ioctl_fioasync(on)
filp->f_op->fasync(on) __tty_hangup()
tty_fasync(on) tty_lock()
tty_lock() ...
. filp->f_op = &hung_up_tty_fops;
(waiting) __tty_fasync(off)
. tty_unlock()
/* gets tty lock */
/* enables FASYNC */
Check the tty has not been hungup while holding tty_lock.
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Peter Hurley [Sun, 10 Jan 2016 05:45:10 +0000 (21:45 -0800)]
tty: Add fasync() hung up file operation
VFS uses a two-stage check-and-call method for invoking file_operations
methods, without explicitly snapshotting either the file_operations ptr
or the function ptr. Since the tty core is one of the few VFS users that
changes the f_op file_operations ptr of the file descriptor (when the
tty has been hung up), and since the likelihood of the compiler generating
a reload of either f_op or the function ptr is basically nil, just define
a hung up fasync() file operation that returns an error.
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Peter Hurley [Sun, 10 Jan 2016 05:45:09 +0000 (21:45 -0800)]
tty, n_tty: Remove fasync() ldisc notification
Only the N_TTY line discipline implements the signal-driven i/o
notification enabled/disabled by fcntl(F_SETFL, O_ASYNC). The ldisc
fasync() notification is sent to the ldisc when the enable state has
changed (the tty core is notified via the fasync() VFS file operation).
The N_TTY line discipline used the enable state to change the wakeup
condition (minimum_to_wake = 1) for notifying the signal handler i/o is
available. However, just the presence of data is sufficient and necessary
to signal i/o is available, so changing minimum_to_wake is unnecessary
(and creates a race condition with read() and poll() which may be
concurrently updating minimum_to_wake).
Furthermore, since the kill_fasync() VFS helper performs no action if
the fasync list is empty, calling unconditionally is preferred; if
signal driven i/o just has been disabled, no signal will be sent by
kill_fasync() anyway so notification of the change via the ldisc
fasync() method is superfluous.
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Peter Hurley [Sun, 10 Jan 2016 05:45:08 +0000 (21:45 -0800)]
n_tty: Always wake up read()/poll() if new input
A read() in non-canonical mode when VMIN > 0 and VTIME == 0 does not
complete until at least VMIN chars have been read (or the user buffer is
full). In this infrequent read mode, n_tty_read() attempts to reduce
wakeups by computing the amount of data still necessary to complete the
read (minimum_to_wake) and only waking the read()/poll() when that much
unread data has been processed. This is the only read mode for which
new data does not necessarily generate a wakeup.
However, this optimization is broken and commonly leads to hung reads
even though the necessary amount of data has been received. Since the
optimization is of marginal value anyway, just remove the whole
thing. This also remedies a race between a concurrent poll() and
read() in this mode, where the poll() can reset the minimum_to_wake
of the read() (and vice versa).
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Peter Zijlstra [Mon, 25 Jan 2016 13:09:54 +0000 (14:09 +0100)]
perf: Fix race in perf_event_exit_task_context()
There is a race between perf_event_exit_task_context() and
orphans_remove_work() which results in a use-after-free.
We mark ctx->task with TASK_TOMBSTONE to indicate a context is
'dead', under ctx->lock. After which point event_function_call()
on any event of that context will NOP
A concurrent orphans_remove_work() will only hold ctx->mutex for
the list iteration and not serialize against this. Therefore its
possible that orphans_remove_work()'s perf_remove_from_context()
call will fail, but we'll continue to free the event, with the
result of free'd memory still being on lists and everything.
Once perf_event_exit_task_context() gets around to acquiring
ctx->mutex it too will iterate the event list, encounter the
already free'd event and proceed to free it _again_. This fails
with the WARN in free_event().
Plug the race by having perf_event_exit_task_context() hold
ctx::mutex over the whole tear-down, thereby 'naturally'
serializing against all other sites, including the orphan work.
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Arnaldo Carvalho de Melo <acme@redhat.com>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Stephane Eranian <eranian@google.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Vince Weaver <vincent.weaver@maine.edu>
Cc: alexander.shishkin@linux.intel.com
Cc: dsahern@gmail.com
Cc: namhyung@kernel.org
Link: http://lkml.kernel.org/r/20160125130954.GY6357@twins.programming.kicks-ass.net
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Peter Zijlstra [Mon, 25 Jan 2016 13:08:45 +0000 (14:08 +0100)]
perf: Fix orphan hole
We should set event->owner before we install the event,
otherwise there is a hole where the target task can fork() and
we'll not inherit the event because it thinks the event is
orphaned.
Signed-off-by: Peter Zijlstra <peterz@infradead.org>
Cc: Arnaldo Carvalho de Melo <acme@redhat.com>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Nicolai Hähnle [Wed, 27 Jan 2016 16:04:19 +0000 (11:04 -0500)]
drm/amdgpu: only move pt bos in LRU list on success
This fixes a race condition in the error case: since the pt bos have not
necessarily been reserved in case of an error, we could move a pt bo that
is currently in the middle of being evicted/moved by another process,
which then resulted in a BUG_ON in ttm_bo_add_to_lru.
Reviewed-by: Christian König <christian.koenig@amd.com>
Signed-off-by: Nicolai Hähnle <nicolai.haehnle@amd.com>
Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Greg Kroah-Hartman [Thu, 28 Jan 2016 16:32:42 +0000 (08:32 -0800)]
Merge tag 'usb-serial-4.5-rc2' of git://git./linux/kernel/git/johan/usb-serial into usb-linus
Johan writes:
USB-serial fixes for v4.5-rc2
Here are two fixes of crashes in the visor driver that could be
triggered using bad (malicious) descriptors, a fix for two memory leaks
in the new mxu11x0 driver, and an interface-blacklist fix for the option
driver.
Included are also some new device ids.
Signed-off-by: Johan Hovold <johan@kernel.org>
Aneesh Kumar K.V [Wed, 27 Jan 2016 06:34:20 +0000 (12:04 +0530)]
powerpc/mm: Fixup _HPAGE_CHG_MASK
This was wrongly updated by commit
7aa9a23c69ea ("powerpc, thp: remove
infrastructure for handling splitting PMDs") during the last merge
window. Fix it up.
This could lead to incorrect behaviour in THP and/or mprotect(), at a
minimum.
Fixes: 7aa9a23c69ea ("powerpc, thp: remove infrastructure for handling splitting PMDs")
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Madhavan Srinivasan [Mon, 25 Jan 2016 08:33:46 +0000 (14:03 +0530)]
powerpc/perf: Remove PPMU_HAS_SSLOT flag for Power8
Commit
7a7868326d77 ("powerpc/perf: Add an explict flag indicating
presence of SLOT field") introduced the PPMU_HAS_SSLOT flag to remove
the assumption that MMCRA[SLOT] was present when PPMU_ALT_SIPR was not
set.
That commit's changelog also mentions that Power8 does not support
MMCRA[SLOT]. However when the Power8 PMU support was merged, it
errnoeously included the PPMU_HAS_SSLOT flag.
So remove PPMU_HAS_SSLOT from the Power8 flags.
mpe: On systems where MMCRA[SLOT] exists, the field occupies bits 37:39
(IBM numbering). On Power8 bit 37 is reserved, and 38:39 overlap with
the high bits of the Threshold Event Counter Mantissa. I am not aware of
any published events which use the threshold counting mechanism, which
would cause the mantissa bits to be set. So in practice this bug is
unlikely to trigger.
Fixes: e05b9b9e5c10 ("powerpc/perf: Power8 PMU support")
Signed-off-by: Madhavan Srinivasan <maddy@linux.vnet.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Takashi Iwai [Thu, 28 Jan 2016 06:54:16 +0000 (07:54 +0100)]
ALSA: dummy: Disable switching timer backend via sysfs
ALSA dummy driver can switch the timer backend between system timer
and hrtimer via its hrtimer module option. This can be also switched
dynamically via sysfs, but it may lead to a memory corruption when
switching is done while a PCM stream is running; the stream instance
for the newly switched timer method tries to access the memory that
was allocated by another timer method although the sizes differ.
As the simplest fix, this patch just disables the switch via sysfs by
dropping the writable bit.
BugLink: http://lkml.kernel.org/r/CACT4Y+ZGEeEBntHW5WHn2GoeE0G_kRrCmUh6=dWyy-wfzvuJLg@mail.gmail.com
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Randy Dunlap [Thu, 28 Jan 2016 02:04:10 +0000 (18:04 -0800)]
ALSA: timer: fix SND_PCM_TIMER Kconfig text
Fix spelling and typos for SND_PCM_TIMER.
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Gioh Kim [Wed, 27 Jan 2016 11:02:09 +0000 (12:02 +0100)]
hwmon: (fam15h_power) Add bit masking for tdp_limit
Add bit masking to read ApmTdpLimit precisely
Signed-off-by: Gioh Kim <gi-oh.kim@profitbricks.com>
Acked-by: Borislav Petkov <bp@suse.de>
Acked-by: Huang Rui <ray.huang@amd.com>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Peter Hurley [Sun, 10 Jan 2016 06:55:39 +0000 (22:55 -0800)]
tty: audit: Poison tty_audit_buf while process exits
Warn if tty_audit_buf use is attempted after tty_audit_exit() has
already freed it.
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Peter Hurley [Sun, 10 Jan 2016 06:55:38 +0000 (22:55 -0800)]
tty: audit: Always push audit buffer before TIOCSTI
The data read from another tty may be relevant to the action of
the TIOCSTI ioctl; log the audit buffer immediately.
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Peter Hurley [Sun, 10 Jan 2016 06:55:37 +0000 (22:55 -0800)]
tty: audit: Check audit enable first
Audit is unlikely to be enabled; check first to exit asap.
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Peter Hurley [Sun, 10 Jan 2016 06:55:36 +0000 (22:55 -0800)]
tty: audit: Simplify first-use allocation
The first-use tty audit buffer allocation is a potential race
amongst multiple attempts at 'first-use'; only one 'winner' is
acceptable.
The successful buffer assignment occurs if tty_audit_buf == NULL
(which will also be the return from cmpxchg()); otherwise, another
racer 'won' and this buffer allocation is freed.
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Peter Hurley [Sun, 10 Jan 2016 06:55:35 +0000 (22:55 -0800)]
tty: audit: Remove tty_audit_buf reference counting
When tty_audit_exit() is called from do_exit(), the process is
single-threaded. Since the tty_audit_buf is only shared by threads
of a process, no other thread can be concurrently accessing the
tty_audit_buf during or after tty_audit_exit().
Thus, no other thread can be holding an extra tty_audit_buf reference
which would prevent tty_audit_exit() from freeing the tty_audit_buf.
As that is the only purpose of the ref counting, remove the reference
counting and free the tty_audit_buf directly.
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Peter Hurley [Sun, 10 Jan 2016 06:55:34 +0000 (22:55 -0800)]
tty: audit: Remove false memory optimization
The tty audit buffer is allocated at first use and not freed until
the process exits. If tty audit is turned off after the audit buffer
has been allocated, no effort is made to release the buffer.
So re-checking if tty audit has just been turned off when tty audit
was just on is false optimization; the likelihood of triggering this
condition is exceedingly small.
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Peter Hurley [Sun, 10 Jan 2016 06:55:33 +0000 (22:55 -0800)]
tty: audit: Handle tty audit enable atomically
The audit_tty and audit_tty_log_passwd fields are actually bool
values, so merge into single memory location to access atomically.
NB: audit log operations may still occur after tty audit is disabled
which is consistent with the existing functionality
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Peter Hurley [Sun, 10 Jan 2016 06:55:32 +0000 (22:55 -0800)]
tty: audit: Track tty association with dev_t
Use dev_t instead of separate major/minor fields to track tty
audit buffer association.
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Peter Hurley [Sun, 10 Jan 2016 06:55:31 +0000 (22:55 -0800)]
tty: audit: Combine push functions
tty_audit_push() and tty_audit_push_current() perform identical
tasks; eliminate the tty_audit_push() implementation and the
tty_audit_push_current() name.
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Peter Hurley [Sun, 10 Jan 2016 06:55:30 +0000 (22:55 -0800)]
tty: audit: Ignore current association for audit push
In canonical read mode, each line read and logged is pushed separately
with tty_audit_push(). For all single-threaded processes and multi-threaded
processes reading from only one tty, this patch has no effect; the last line
read will still be the entry pushed to the audit log because the tty
association cannot have changed between tty_audit_add_data() and
tty_audit_push().
For multi-threaded processes reading from different ttys concurrently,
the audit log will have mixed log entries anyway. Consider two ttys
audited concurrently:
CPU0 CPU1
---------- ------------
tty_audit_add_data(ttyA)
tty_audit_add_data(ttyB)
tty_audit_push()
tty_audit_add_data(ttyB)
tty_audit_push()
This patch will now cause the ttyB output to be split into separate
audit log entries.
However, this possibility is equally likely without this patch:
CPU0 CPU1
---------- ------------
tty_audit_add_data(ttyB)
tty_audit_add_data(ttyA)
tty_audit_push()
tty_audit_add_data(ttyB)
tty_audit_push()
Mixed canonical and non-canonical reads have similar races.
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Peter Hurley [Sun, 10 Jan 2016 06:55:29 +0000 (22:55 -0800)]
tty: audit: Take siglock directly
lock_task_sighand() is for situations where the struct task_struct*
may disappear while trying to deref the sighand; this never applies
to 'current'.
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Peter Hurley [Sun, 10 Jan 2016 06:55:28 +0000 (22:55 -0800)]
tty: audit: Defer audit buffer association
The tty audit buffer used to audit/record tty input is allocated on
the process's first call to tty_audit_add_data(), and not freed until
the process exits. On each call to tty_audit_add_data(), the current
tty is compared (by major:minor) with the last tty associated with
the audit buffer, and if the tty has changed the existing data is
logged to the audit log. The audit buffer is then re-associated with
the new tty.
Currently, the audit buffer is immediately associated with the tty;
however, the association must be re-checked when the buffer is locked
prior to copying the tty input. This extra step is always necessary,
since a concurrent read of a different tty by another thread of the
process may have used the buffer in between allocation and buffer
lock.
Rather than associate the audit buffer with the tty at allocation,
leave the buffer initially un-associated (null dev_t); simply let the
re-association check also perform the initial association.
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Peter Hurley [Sun, 10 Jan 2016 06:55:27 +0000 (22:55 -0800)]
tty: audit: Remove icanon mode from call chain
The tty termios bits cannot change while n_tty_read() is in the
i/o loop; the termios_rwsem ensures mutual exclusion with termios
changes in n_tty_set_termios(). Check L_ICANON() directly and
eliminate icanon parameter.
NB: tty_audit_add_data() => tty_audit_buf_get() => tty_audit_buf_alloc()
is a single path; ie., tty_audit_buf_get() and tty_audit_buf_alloc()
have no other callers.
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Peter Hurley [Sun, 10 Jan 2016 06:55:26 +0000 (22:55 -0800)]
tty: audit: Never audit packet mode
tty audit never logs pty master reads, but packet mode only works for
pty masters, so tty_audit_add_data() was never logging packet mode
anyway.
Don't audit packet mode data. As those are the lone call sites, remove
tty_put_user().
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Peter Hurley [Sun, 10 Jan 2016 06:55:25 +0000 (22:55 -0800)]
tty: audit: Early-out pty master reads earlier
Reads from pty masters are not logged; early-out before taking
locks.
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
James Morris [Wed, 27 Jan 2016 23:53:54 +0000 (10:53 +1100)]
Merge tag 'seccomp-4.5-rc2' of git://git./linux/kernel/git/kees/linux into for-linus
David Howells [Wed, 27 Jan 2016 01:02:03 +0000 (01:02 +0000)]
KEYS: Only apply KEY_FLAG_KEEP to a key if a parent keyring has it set
KEY_FLAG_KEEP should only be applied to a key if the keyring it is being
linked into has KEY_FLAG_KEEP set.
To this end, partially revert the following patch:
commit
1d6d167c2efcfe9539d9cffb1a1be9c92e39c2c0
Author: Mimi Zohar <zohar@linux.vnet.ibm.com>
Date: Thu Jan 7 07:46:36 2016 -0500
KEYS: refcount bug fix
to undo the change that made it unconditional (Mimi got it right the first
time).
Without undoing this change, it becomes impossible to delete, revoke or
invalidate keys added to keyrings through __key_instantiate_and_link()
where the keyring has itself been linked to. To test this, run the
following command sequence:
keyctl newring foo @s
keyctl add user a a %:foo
keyctl unlink %user:a %:foo
keyctl clear %:foo
With the commit mentioned above the third and fourth commands fail with
EPERM when they should succeed.
Reported-by: Stephen Gallager <sgallagh@redhat.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
cc: Mimi Zohar <zohar@linux.vnet.ibm.com>
cc: keyrings@vger.kernel.org
cc: stable@vger.kernel.org
Signed-off-by: James Morris <james.l.morris@oracle.com>
Peter Hurley [Sun, 10 Jan 2016 05:35:23 +0000 (21:35 -0800)]
tty: Make tty_files_lock per-tty
Access to tty->tty_files list is always per-tty, never for all ttys
simultaneously. Replace global tty_files_lock spinlock with per-tty
->files_lock. Initialize when the ->tty_files list is inited, in
alloc_tty_struct().
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Peter Hurley [Sun, 10 Jan 2016 05:35:22 +0000 (21:35 -0800)]
tty: Remove unreferenced tty flags macro TTY_DEBUG
The TTY_DEBUG macro is not used; remove.
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Peter Hurley [Sun, 10 Jan 2016 05:35:21 +0000 (21:35 -0800)]
tty: Move tty_check_change() helper
Move is_ignored() to drivers/tty/tty_io.c and re-declare in file
scope.
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Peter Hurley [Sun, 10 Jan 2016 05:35:20 +0000 (21:35 -0800)]
tty: Remove declarations to non-existent functions
tty_read_raw_data() and tty_signal() no longer exist; remove
declarations.
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Peter Hurley [Sun, 10 Jan 2016 05:35:19 +0000 (21:35 -0800)]
tty: Eliminate global symbol tty_ldisc_N_TTY
Reduce global tty symbols; move and rename tty_ldisc_begin() as
n_tty_init() and redefine the N_TTY ldisc ops as file scope.
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Peter Hurley [Sun, 10 Jan 2016 05:35:18 +0000 (21:35 -0800)]
tty: Unexport system-wide tty_mutex
tty_mutex is a core, system-wide lock; there is no reason for any
code outside the tty core to have direct access.
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Peter Hurley [Mon, 11 Jan 2016 06:41:08 +0000 (22:41 -0800)]
tty: Avoid unnecessary temporaries for tty->ldisc
tty_ldisc_setup() is race-free and can reference tty->ldisc without
snapshots.
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Peter Hurley [Mon, 11 Jan 2016 06:41:07 +0000 (22:41 -0800)]
tty: Document c_line == N_TTY initial condition
The line discipline id is stored in the tty's termios; document the
implicit initial value of N_TTY.
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Peter Hurley [Mon, 11 Jan 2016 06:41:06 +0000 (22:41 -0800)]
tty: Destroy ldisc instance on hangup
Currently, when the tty is hungup, the ldisc is re-instanced; ie., the
current instance is destroyed and a new instance is created. The purpose
of this design was to guarantee a valid, open ldisc for the lifetime of
the tty.
However, now that tty buffers are owned by and have lifetime equivalent
to the tty_port (since v3.10), any data received immediately after the
ldisc is re-instanced may cause continued driver i/o operations
concurrently with the driver's hangup() operation. For drivers that
shutdown h/w on hangup, this is unexpected and usually bad. For example,
the serial core may free the xmit buffer page concurrently with an
in-progress write() operation (triggered by echo).
With the existing stable and robust ldisc reference handling, the
cleaned-up tty_reopen(), the straggling unsafe ldisc use cleaned up, and
the preparation to properly handle a NULL tty->ldisc, the ldisc instance
can be destroyed and only re-instanced when the tty is re-opened.
If the tty was opened as /dev/console or /dev/tty0, the original behavior
of re-instancing the ldisc is retained (the 'reinit' parameter to
tty_ldisc_hangup() is true). This is required since those file descriptors
are never hungup.
This patch has neglible impact on userspace; the tty file_operations ptr
is changed to point to the hungup file operations _before_ the ldisc
instance is destroyed, so only racing file operations might now retrieve
a NULL ldisc reference (which is simply handled as if the hungup file
operation had been called instead -- see "tty: Prepare for destroying
line discipline on hangup").
This resolves a long-standing FIXME and several crash reports.
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Peter Hurley [Mon, 11 Jan 2016 06:41:05 +0000 (22:41 -0800)]
tty: Refactor tty_ldisc_reinit() for reuse
At tty hangup, the line discipline instance is reinitialized by
closing the current ldisc instance and opening a new instance.
This operation is complicated by error recovery: if the attempt
to reinit the current line discipline fails, the line discipline
is reset to N_TTY (which should not but can fail).
Re-purpose tty_ldisc_reinit() to return a valid, open line discipline
instance, or otherwise, an error.
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Peter Hurley [Mon, 11 Jan 2016 06:41:04 +0000 (22:41 -0800)]
tty: Use 'disc' for line discipline index name
tty->ldisc is a ptr to struct tty_ldisc, but unfortunately 'ldisc' is
also used as a parameter or local name to refer to the line discipline
index value (ie, N_TTY, N_GSM, etc.); instead prefer the name used
by the line discipline registration/ref counting functions.
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Peter Hurley [Mon, 11 Jan 2016 06:41:03 +0000 (22:41 -0800)]
tty: Move tty_ldisc_kill()
In preparation for destroying the line discipline instance on hangup,
move tty_ldisc_kill() to eliminate needless forward declarations.
No functional change.
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Peter Hurley [Mon, 11 Jan 2016 06:41:02 +0000 (22:41 -0800)]
tty: Handle NULL tty->ldisc
In preparation of destroying line discipline on hangup, fix
ldisc core operations to properly handle when the tty's ldisc is
NULL.
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Peter Hurley [Mon, 11 Jan 2016 06:41:01 +0000 (22:41 -0800)]
tty: Prepare for destroying line discipline on hangup
tty file_operations (read/write/ioctl) wait for the ldisc reference
indefinitely (until ldisc lifetime events, such as hangup or TIOCSETD,
finish). Since hangup now destroys the ldisc and does not instance
another copy, file_operations must now be prepared to receive a NULL
ldisc reference from tty_ldisc_ref_wait():
CPU 0 CPU 1
----- -----
(*f_op->read)() => tty_read()
__tty_hangup()
...
f_op = &hung_up_tty_fops;
...
tty_ldisc_hangup()
tty_ldisc_lock()
tty_ldisc_kill()
tty->ldisc = NULL
tty_ldisc_unlock()
ld = tty_ldisc_ref_wait()
/* ld == NULL */
Instead, the action taken now is to return the same value as if the
tty had been hungup a moment earlier:
CPU 0 CPU 1
----- -----
__tty_hangup()
...
f_op = &hung_up_tty_fops;
(*f_op->read)() => hung_up_tty_read()
return 0;
...
tty_ldisc_hangup()
tty_ldisc_lock()
tty_ldisc_kill()
tty->ldisc = NULL
tty_ldisc_unlock()
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Peter Hurley [Mon, 11 Jan 2016 06:41:00 +0000 (22:41 -0800)]
tty: Fix comments for tty_ldisc_release()
tty_ldisc_kill() sets tty->ldisc to NULL; _not_ to N_TTY with a valid
but unopened ldisc. Fix function header documentation.
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Peter Hurley [Mon, 11 Jan 2016 06:40:59 +0000 (22:40 -0800)]
tty: Fix comments for tty_ldisc_get()
tty_ldisc_get() returns ERR_PTR() values if unsuccessful, not NULL;
fix function header documentation.
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Peter Hurley [Mon, 11 Jan 2016 06:40:57 +0000 (22:40 -0800)]
tty: Reset c_line from driver's init_termios
After the ldisc is released, but before the tty is destroyed, the termios
is saved (in tty_free_termios()); this termios is restored if a new
tty is created on next open(). However, the line discipline is always
reset, which is not obvious in the current method. Instead, reset
as part of the restore.
Restore the original line discipline, which may not have been N_TTY.
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Peter Hurley [Mon, 11 Jan 2016 06:40:54 +0000 (22:40 -0800)]
tty: Remove chars_in_buffer() line discipline method
The chars_in_buffer() line discipline method serves no functional
purpose, other than as a (dubious) debugging aid for mostly bit-rotting
drivers. Despite being documented as an optional method, every caller
is unconditionally executed (although conditionally compiled).
Furthermore, direct tty->ldisc access without an ldisc ref is unsafe.
Lastly, N_TTY's chars_in_buffer() has warned of removal since 3.12.
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Peter Hurley [Mon, 11 Jan 2016 06:40:53 +0000 (22:40 -0800)]
NFC: nci: Remove dead code
The N_NCI ldisc does not define a flush_buffer() ldisc method, so
the check when opening the ldisc is always false.
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Peter Hurley [Mon, 11 Jan 2016 06:40:51 +0000 (22:40 -0800)]
serial: 68328: Remove bogus ldisc reset
As the #warning indicates, the open-coded ldisc reset was always not ok.
Not only is this code long dead, but now it would have no effect as
the ldisc is destroyed when this driver's close() method returns; remove.
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Peter Hurley [Mon, 11 Jan 2016 06:40:50 +0000 (22:40 -0800)]
staging: digi: Replace open-coded tty_wakeup()
The open-coded tty_wakeup()s are attempts to workaround fixed bugs
in the line discipline write_wakeup() method. Replace with tty_wakeup().
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Peter Hurley [Sun, 10 Jan 2016 05:13:53 +0000 (21:13 -0800)]
tty: Refactor tty_open()
Extract the driver lookup and reopen-or-initialize logic into helper
function tty_open_by_driver(). No functional change.
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Peter Hurley [Sun, 10 Jan 2016 05:13:52 +0000 (21:13 -0800)]
tty: Consolidate noctty checks in tty_open()
Evaluate the conditions which prevent this tty being the controlling
terminal in one place, just before setting the controlling terminal.
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Peter Hurley [Sun, 10 Jan 2016 05:13:51 +0000 (21:13 -0800)]
tty: Remove __lockfunc annotation from tty lock functions
The tty lock/unlock code does not belong in the special lockfunc section
which is treated specially by stack backtraces.
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Peter Hurley [Sun, 10 Jan 2016 05:13:50 +0000 (21:13 -0800)]
pty: Remove pty_unix98_shutdown()
The tty core invokes the optional driver shutdown() just before
the optional driver remove() (shutdown() has access to the termios
and remove() does not). Because pty drivers must prevent the default
remove() action, the Unix98 pty drivers define a dummy remove() function.
Instead, release the slave index in the remove() method and delete the
optional shutdown() method.
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Peter Hurley [Sun, 10 Jan 2016 05:13:49 +0000 (21:13 -0800)]
tty: Re-declare tty_driver_remove_tty() file scope
tty_driver_remove_tty() is only local-scope; declare as static.
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Peter Hurley [Sun, 10 Jan 2016 05:13:48 +0000 (21:13 -0800)]
tty: Fix tty_init_termios() declaration
tty_init_termios() never returns an error; re-declare as void. Remove
unnecessary error handling from callers. Remove extern declarations
of tty_free_termios() and free_tty_struct() and re-declare in file
scope.
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Acked-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Peter Hurley [Sun, 10 Jan 2016 05:13:47 +0000 (21:13 -0800)]
tty: Remove !tty check from free_tty_struct()
free_tty_struct() is never called with NULL tty; the two call sites
would already have faulted on earlier access.
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Peter Hurley [Sun, 10 Jan 2016 05:13:46 +0000 (21:13 -0800)]
tty: Fix ldisc leak in failed tty_init_dev()
release_tty() leaks the ldisc instance when called directly (rather
than when releasing the file descriptor from tty_release()).
Since tty_ldisc_release() clears tty->ldisc, releasing the ldisc
instance at tty teardown if tty->ldisc is non-null is not in danger
of double-releasing the ldisc.
Remove deinitialize_tty_struct() now that free_tty_struct() always
performs the tty_ldisc_deinit().
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Arnd Bergmann [Mon, 25 Jan 2016 15:45:48 +0000 (16:45 +0100)]
cpufreq: cpufreq-dt: avoid uninitialized variable warnings:
gcc warns quite a bit about values returned from allocate_resources()
in cpufreq-dt.c:
cpufreq-dt.c: In function 'cpufreq_init':
cpufreq-dt.c:327:6: error: 'cpu_dev' may be used uninitialized in this function [-Werror=maybe-uninitialized]
cpufreq-dt.c:197:17: note: 'cpu_dev' was declared here
cpufreq-dt.c:376:2: error: 'cpu_clk' may be used uninitialized in this function [-Werror=maybe-uninitialized]
cpufreq-dt.c:199:14: note: 'cpu_clk' was declared here
cpufreq-dt.c: In function 'dt_cpufreq_probe':
cpufreq-dt.c:461:2: error: 'cpu_clk' may be used uninitialized in this function [-Werror=maybe-uninitialized]
cpufreq-dt.c:447:14: note: 'cpu_clk' was declared here
The problem is that it's slightly hard for gcc to follow return
codes across PTR_ERR() calls.
This patch uses explicit assignments to the "ret" variable to make
it easier for gcc to verify that the code is actually correct,
without the need to add a bogus initialization.
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Acked-by: Viresh Kumar <viresh.kumar@linaro.org>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Arnd Bergmann [Mon, 25 Jan 2016 15:44:38 +0000 (16:44 +0100)]
cpufreq: pxa2xx: fix pxa_cpufreq_change_voltage prototype
There are two definitions of pxa_cpufreq_change_voltage, with slightly
different prototypes after one of them had its argument marked 'const'.
Now the other one (for !CONFIG_REGULATOR) produces a harmless warning:
drivers/cpufreq/pxa2xx-cpufreq.c: In function 'pxa_set_target':
drivers/cpufreq/pxa2xx-cpufreq.c:291:36: warning: passing argument 1 of 'pxa_cpufreq_change_voltage' discards 'const' qualifier from pointer target type [-Wdiscarded-qualifiers]
ret = pxa_cpufreq_change_voltage(&pxa_freq_settings[idx]);
^
drivers/cpufreq/pxa2xx-cpufreq.c:205:12: note: expected 'struct pxa_freqs *' but argument is of type 'const struct pxa_freqs *'
static int pxa_cpufreq_change_voltage(struct pxa_freqs *pxa_freq)
^
This changes the prototype in the same way as the other, which
avoids the warning.
Fixes: 03c229906311 (cpufreq: pxa: make pxa_freqs arrays const)
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Acked-by: Viresh Kumar <viresh.kumar@linaro.org>
Cc: 4.2+ <stable@vger.kernel.org> # 4.2+
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Arnd Bergmann [Mon, 25 Jan 2016 15:48:28 +0000 (16:48 +0100)]
PM: APM_EMULATION does not depend on PM
The APM emulation code does multiple things, and some of them depend on
PM_SLEEP, while the battery management does not. However, selecting
the symbol like SHARPSL_PM does causes a Kconfig warning:
warning: (SHARPSL_PM && PMAC_APM_EMU) selects APM_EMULATION which has unmet direct dependencies (PM && SYS_SUPPORTS_APM_EMULATION)
From all I can tell, this is completely harmless, and we can simply allow
APM_EMULATION to be enabled here, even if PM is not.
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Gautham R Shenoy [Wed, 27 Jan 2016 06:32:26 +0000 (12:02 +0530)]
cpufreq: Use list_is_last() to check last entry of the policy list
Currently next_policy() explicitly checks if a policy is the last
policy in the cpufreq_policy_list. Use the standard list_is_last
primitive instead.
Signed-off-by: Gautham R. Shenoy <ego@linux.vnet.ibm.com>
Acked-by: Viresh Kumar <viresh.kumar@linaro.org>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Viresh Kumar [Mon, 25 Jan 2016 17:03:46 +0000 (22:33 +0530)]
cpufreq: Fix NULL reference crash while accessing policy->governor_data
There is a race discovered by Juri, where we are able to:
- create and read a sysfs file before policy->governor_data is being set
to a non NULL value.
OR
- set policy->governor_data to NULL, and reading a file before being
destroyed.
And so such a crash is reported:
Unable to handle kernel NULL pointer dereference at virtual address
0000000c
pgd =
edfc8000
[
0000000c] *pgd=
bfc8c835
Internal error: Oops: 17 [#1] SMP ARM
Modules linked in:
CPU: 4 PID: 1730 Comm: cat Not tainted 4.5.0-rc1+ #463
Hardware name: ARM-Versatile Express
task:
ee8e8480 ti:
ee930000 task.ti:
ee930000
PC is at show_ignore_nice_load_gov_pol+0x24/0x34
LR is at show+0x4c/0x60
pc : [<
c058f1bc>] lr : [<
c058ae88>] psr:
a0070013
sp :
ee931dd0 ip :
ee931de0 fp :
ee931ddc
r10:
ee4bc290 r9 :
00001000 r8 :
ef2cb000
r7 :
ee4bc200 r6 :
ef2cb000 r5 :
c0af57b0 r4 :
ee4bc2e0
r3 :
00000000 r2 :
00000000 r1 :
c0928df4 r0 :
ef2cb000
Flags: NzCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none
Control:
10c5387d Table:
adfc806a DAC:
00000051
Process cat (pid: 1730, stack limit = 0xee930210)
Stack: (0xee931dd0 to 0xee932000)
1dc0:
ee931dfc ee931de0 c058ae88 c058f1a4
1de0:
edce3bc0 c07bfca4 edce3ac0 00001000 ee931e24 ee931e00 c01fcb90 c058ae48
1e00:
00000001 edce3bc0 00000000 00000001 ee931e50 ee8ff480 ee931e34 ee931e28
1e20:
c01fb33c c01fcb0c ee931e8c ee931e38 c01a5210 c01fb314 ee931e9c ee931e48
1e40:
00000000 edce3bf0 befe4a00 ee931f78 00000000 00000000 000001e4 00000000
1e60:
c00545a8 edce3ac0 00001000 00001000 befe4a00 ee931f78 00000000 00001000
1e80:
ee931ed4 ee931e90 c01fbed8 c01a5038 ed085a58 00020000 00000000 00000000
1ea0:
c0ad72e4 ee931f78 ee8ff488 ee8ff480 c077f3fc 00001000 befe4a00 ee931f78
1ec0:
00000000 00001000 ee931f44 ee931ed8 c017c328 c01fbdc4 00001000 00000000
1ee0:
ee8ff480 00001000 ee931f44 ee931ef8 c017c65c c03deb10 ee931fac ee931f08
1f00:
c0009270 c001f290 c0a8d968 ef2cb000 ef2cb000 ee8ff480 00000020 ee8ff480
1f20:
ee8ff480 befe4a00 00001000 ee931f78 00000000 00000000 ee931f74 ee931f48
1f40:
c017d1ec c017c2f8 c019c724 c019c684 ee8ff480 ee8ff480 00001000 befe4a00
1f60:
00000000 00000000 ee931fa4 ee931f78 c017d2a8 c017d160 00000000 00000000
1f80:
000a9f20 00001000 befe4a00 00000003 c000ffe4 ee930000 00000000 ee931fa8
1fa0:
c000fe40 c017d264 000a9f20 00001000 00000003 befe4a00 00001000 00000000
Unable to handle kernel NULL pointer dereference at virtual address
0000000c
1fc0:
000a9f20 00001000 befe4a00 00000003 00000000 00000000 00000003 00000001
pgd =
edfc4000
[
0000000c] *pgd=
bfcac835
1fe0:
00000000 befe49dc 000197f8 b6e35dfc 60070010 00000003 3065b49d 134ac2c9
[<
c058f1bc>] (show_ignore_nice_load_gov_pol) from [<
c058ae88>] (show+0x4c/0x60)
[<
c058ae88>] (show) from [<
c01fcb90>] (sysfs_kf_seq_show+0x90/0xfc)
[<
c01fcb90>] (sysfs_kf_seq_show) from [<
c01fb33c>] (kernfs_seq_show+0x34/0x38)
[<
c01fb33c>] (kernfs_seq_show) from [<
c01a5210>] (seq_read+0x1e4/0x4e4)
[<
c01a5210>] (seq_read) from [<
c01fbed8>] (kernfs_fop_read+0x120/0x1a0)
[<
c01fbed8>] (kernfs_fop_read) from [<
c017c328>] (__vfs_read+0x3c/0xe0)
[<
c017c328>] (__vfs_read) from [<
c017d1ec>] (vfs_read+0x98/0x104)
[<
c017d1ec>] (vfs_read) from [<
c017d2a8>] (SyS_read+0x50/0x90)
[<
c017d2a8>] (SyS_read) from [<
c000fe40>] (ret_fast_syscall+0x0/0x1c)
Code:
e5903044 e1a00001 e3081df4 e34c1092 (
e593300c)
---[ end trace
5994b9a5111f35ee ]---
Fix that by making sure, policy->governor_data is updated at the right
places only.
Cc: 4.2+ <stable@vger.kernel.org> # 4.2+
Reported-and-tested-by: Juri Lelli <juri.lelli@arm.com>
Signed-off-by: Viresh Kumar <viresh.kumar@linaro.org>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Anders Roxell [Wed, 27 Jan 2016 19:26:54 +0000 (20:26 +0100)]
cpuidle: coupled: remove unused define cpuidle_coupled_lock
This was found with the -RT patch enabled, but the fix should apply to
non-RT also.
Used multi_v7_defconfig+PREEMPT_RT_FULL=y and this caused a compilation
warning without this fix:
../drivers/cpuidle/coupled.c:122:21: warning: 'cpuidle_coupled_lock'
defined but not used [-Wunused-variable]
Signed-off-by: Anders Roxell <anders.roxell@linaro.org>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Moritz Fischer [Wed, 27 Jan 2016 07:29:27 +0000 (08:29 +0100)]
PM / Domains: Fix typo in comment
Acked-by: Kevin Hilman <khilman@baylibre.com>
Signed-off-by: Moritz Fischer <moritz.fischer@ettus.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Ulf Hansson [Wed, 27 Jan 2016 08:10:37 +0000 (09:10 +0100)]
PM / Domains: Fix potential deadlock while adding/removing subdomains
We must preserve the same order of how we acquire and release the lock for
genpd, as otherwise we may encounter deadlocks.
The power on phase of a genpd starts by acquiring its lock. Then it walks
the hierarchy of its parent domains to be able to power on these first, as
per design of genpd.
From a locking perspective this means the locks of the parents becomes
acquired after the lock of the subdomain.
Let's fix pm_genpd_add|remove_subdomain() to maintain the same order of
acquiring/releasing the genpd lock as being applied in the power on/off
sequence.
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Linus Torvalds [Wed, 27 Jan 2016 19:56:03 +0000 (11:56 -0800)]
Merge tag 'for_linus' of git://git./linux/kernel/git/mst/vhost
Pull virtio tests and fixes from Michael Tsirkin:
"This fixes existing tests broken by barrier rework, and adds some new
tests.
Plus, there's a fix for an old bug in virtio-pci"
* tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost:
tools/virtio: add ringtest utilities
sh: fix smp_store_mb for !SMP
tools/virtio: use virt_xxx barriers
virtio_pci: fix use after free on release
Ralf Baechle [Wed, 27 Jan 2016 19:50:36 +0000 (20:50 +0100)]
Revert "MIPS: bcm63xx: nvram: Remove unused bcm63xx_nvram_get_psi_size() function"
This reverts commit
5bdb102b3f9785cb88467bc7c75fa0f5cacc8dc5.
Brian Norris <computersforpeace@gmail.com> is reporting:
Ralf,
Please revert this and send it to Linus (or else, I can send it myself).
This is causing build failures, because I didn't take the rest of
Simon's series yet.
drivers/mtd/bcm63xxpart.c: In function 'bcm63xx_parse_cfe_partitions':
drivers/mtd/bcm63xxpart.c:93:2: error: implicit declaration of function
'bcm63xx_nvram_get_psi_size' [-Werror=implicit-function-declaration]
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
References: https://www.linux-mips.org/cgi-bin/mesg.cgi?a=linux-mips&i=
20160126191607.GA111152%40google.com
Linus Torvalds [Wed, 27 Jan 2016 19:08:30 +0000 (11:08 -0800)]
Merge tag 'arm64-fixes' of git://git./linux/kernel/git/arm64/linux
Pull arm64 fixes from Will Deacon:
"The main thing here is to get us booting under qemu again after it
turned out that not all of the PMU registers are emulated there,
causing us to die early in boot.
- Ensure we don't access PMU registers of the PMU is not implemented
(fixes booting under QEMU)
- Fix BUG_ON triggered during module loading with DEBUG_SET_MODULE_RONX
- Ensure the kasan zero page is read-only
- Hide __efistub_ symbol aliases from kallsyms, since they otherwise
confuse the backtrace code
- Ensure !PTE_WRITE kernel ptes are marked as read-only
- defconfig updates based on requests and patches on the list
- Other minor fixes (typos, build system)"
* tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
arm64: mm: avoid calling apply_to_page_range on empty range
arm64: defconfig: updates for 4.5
arm64: errata: Add -mpc-relative-literal-loads to build flags
Eliminate the .eh_frame sections from the aarch64 vmlinux and kernel modules
arm64: Fix an enum typo in mm/dump.c
arm64: Honour !PTE_WRITE in set_pte_at() for kernel mappings
arm64: kernel: fix architected PMU registers unconditional access
arm64: kasan: ensure that the KASAN zero page is mapped read-only
arm64: hide __efistub_ aliases from kallsyms
Linus Torvalds [Wed, 27 Jan 2016 18:50:42 +0000 (10:50 -0800)]
Merge tag 'for-linus' of git://git./virt/kvm/kvm
Pull KVM fixes from Paolo Bonzini:
"s390 and POWER bug fixes, plus enabling the KVM-VFIO interface on
s390"
* tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
KVM doc: Fix KVM_SMI chapter number
KVM: s390: fix memory overwrites when vx is disabled
KVM: s390: Enable the KVM-VFIO device
KVM: s390: fix guest fprs memory leak
KVM: PPC: Fix ONE_REG AltiVec support
KVM: PPC: Increase memslots to 512
KVM: PPC: Book3S PR: Remove unused variable 'vcpu_book3s'
KVM: PPC: Fix emulation of H_SET_DABR/X on POWER8
KVM: PPC: Book3S HV: Handle unexpected traps in guest entry/exit code better
Antonio Ospite [Wed, 27 Jan 2016 12:37:34 +0000 (13:37 +0100)]
mailmap: redirect inactive address <ao2@amarulasolutions.com>
The email address <ao2@amarulasolutions.com> is not active anymore, use
Antonio's personal email address <ao2@ao2.it> in case someone wants to
get in touch for the code wrote for Amarula Solutions.
Signed-off-by: Antonio Ospite <ao2@ao2.it>
Cc: Michael Trimarchi <michael@amarulasolutions.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Alex Williamson [Wed, 27 Jan 2016 18:22:25 +0000 (11:22 -0700)]
vfio/noiommu: Don't use iommu_present() to track fake groups
Using iommu_present() to determine whether an IOMMU group is real or
fake has some problems. First, apparently Power systems don't
register an IOMMU on the device bus, so the groups and containers get
marked as noiommu and then won't bind to their actual IOMMU driver.
Second, I expect we'll run into the same issue as we try to support
vGPUs through vfio, since they're likely to emulate this behavior of
creating an IOMMU group on a virtual device and then providing a vfio
IOMMU backend tailored to the sort of isolation they provide, which
won't necessarily be fully compatible with the IOMMU API.
The solution here is to use the existing iommudata interface to IOMMU
groups, which allows us to easily identify the fake groups we've
created for noiommu purposes. The iommudata we set is purely
arbitrary since we're only comparing the address, so we use the
address of the noiommu switch itself.
Reported-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Reviewed-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Tested-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Tested-by: Anatoly Burakov <anatoly.burakov@intel.com>
Tested-by: Santosh Shukla <sshukla@mvista.com>
Fixes: 03a76b60f8ba ("vfio: Include No-IOMMU mode")
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Russell King [Wed, 27 Jan 2016 18:14:13 +0000 (18:14 +0000)]
ARM: wire up copy_file_range() syscall
Add the copy_file_range() syscall to ARM.
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Slava Grigorev [Tue, 26 Jan 2016 22:35:57 +0000 (17:35 -0500)]
drm/radeon: fix DP audio support for APU with DCE4.1 display engine
Properly setup the DFS divider for DP audio for DCE4.1.
Signed-off-by: Slava Grigorev <slava.grigorev@amd.com>
Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
Reviewed-by: Christian König <christian.koenig@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org
Slava Grigorev [Tue, 26 Jan 2016 21:56:25 +0000 (16:56 -0500)]
drm/radeon: Add a common function for DFS handling
Move encoding of DFS (digital frequency synthesizer) divider into a
separate function and improve calculation precision.
Signed-off-by: Slava Grigorev <slava.grigorev@amd.com>
Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
Reviewed-by: Christian König <christian.koenig@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org
Slava Grigorev [Tue, 26 Jan 2016 21:45:10 +0000 (16:45 -0500)]
drm/radeon: cleaned up VCO output settings for DP audio
This is preparation for the fixes in the following patches.
Signed-off-by: Slava Grigorev <slava.grigorev@amd.com>
Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
Reviewed-by: Christian König <christian.koenig@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org
Rex Zhu [Thu, 21 Jan 2016 11:24:44 +0000 (19:24 +0800)]
drm/amd/powerplay: Update SMU firmware loading for Stoney
Fix firmware init on Stoney when powerplay is enabled.
Signed-off-by: Rex Zhu <Rex.Zhu@amd.com>
Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Jann Horn [Sat, 26 Dec 2015 05:00:48 +0000 (06:00 +0100)]
seccomp: always propagate NO_NEW_PRIVS on tsync
Before this patch, a process with some permissive seccomp filter
that was applied by root without NO_NEW_PRIVS was able to add
more filters to itself without setting NO_NEW_PRIVS by setting
the new filter from a throwaway thread with NO_NEW_PRIVS.
Signed-off-by: Jann Horn <jann@thejh.net>
Cc: stable@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>
Chris Mason [Wed, 27 Jan 2016 14:38:45 +0000 (06:38 -0800)]
btrfs: don't use GFP_HIGHMEM for free-space-tree bitmap kzalloc
This was copied incorrectly from the __vmalloc call.
Signed-off-by: Chris Mason <clm@fb.com>
Christian Borntraeger [Wed, 27 Jan 2016 14:37:58 +0000 (15:37 +0100)]
debugobjects: Allow bigger number of early boot objects
On my bigger s390 systems I always get "Out of memory.
ODEBUG disabled". Since the number of objects is needed at
compile time, we can not change the size dynamically before
the caches etc are available. Doubling the size seems to
do the trick. Since it is init data it will be freed anyway,
this should be ok.
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Link: http://lkml.kernel.org/r/1453905478-13409-1-git-send-email-borntraeger@de.ibm.com
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
This page took 0.054223 seconds and 5 git commands to generate.