Commit Graph

311951 Commits

Author SHA1 Message Date
Dan Williams
6ef1b512f4 [SCSI] libsas: fix taskfile corruption in sas_ata_qc_fill_rtf
fill_result_tf() grabs the taskfile flags from the originating qc which
sas_ata_qc_fill_rtf() promptly overwrites.  The presence of an
ata_taskfile in the sata_device makes it tempting to just copy the full
contents in sas_ata_qc_fill_rtf().  However, libata really only wants
the fis contents and expects the other portions of the taskfile to not
be touched by ->qc_fill_rtf.  To that end store a fis buffer in the
sata_device and use ata_tf_from_fis() like every other ->qc_fill_rtf()
implementation.

Cc: <stable@vger.kernel.org>
Reported-by: Praveen Murali <pmurali@logicube.com>
Tested-by: Praveen Murali <pmurali@logicube.com>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Signed-off-by: James Bottomley <JBottomley@Parallels.com>
2012-07-08 09:49:14 +01:00
Mark Rustad
222a806af8 [SCSI] Fix NULL dereferences in scsi_cmd_to_driver
Avoid crashing if the private_data pointer happens to be NULL. This has
been seen sometimes when a host reset happens, notably when there are
many LUNs:

host3: Assigned Port ID 0c1601
scsi host3: libfc: Host reset succeeded on port (0c1601)
BUG: unable to handle kernel NULL pointer dereference at 0000000000000350
IP: [<ffffffff81352bb8>] scsi_send_eh_cmnd+0x58/0x3a0
<snip>
Process scsi_eh_3 (pid: 4144, threadinfo ffff88030920c000, task ffff880326b160c0)
Stack:
 000000010372e6ba 0000000000000282 000027100920dca0 ffffffffa0038ee0
 0000000000000000 0000000000030003 ffff88030920dc80 ffff88030920dc80
 00000002000e0000 0000000a00004000 ffff8803242f7760 ffff88031326ed80
Call Trace:
 [<ffffffff8105b590>] ? lock_timer_base+0x70/0x70
 [<ffffffff81352fbe>] scsi_eh_tur+0x3e/0xc0
 [<ffffffff81353a36>] scsi_eh_test_devices+0x76/0x170
 [<ffffffff81354125>] scsi_eh_host_reset+0x85/0x160
 [<ffffffff81354291>] scsi_eh_ready_devs+0x91/0x110
 [<ffffffff813543fd>] scsi_unjam_host+0xed/0x1f0
 [<ffffffff813546a8>] scsi_error_handler+0x1a8/0x200
 [<ffffffff81354500>] ? scsi_unjam_host+0x1f0/0x1f0
 [<ffffffff8106ec3e>] kthread+0x9e/0xb0
 [<ffffffff81509264>] kernel_thread_helper+0x4/0x10
 [<ffffffff8106eba0>] ? kthread_freezable_should_stop+0x70/0x70
 [<ffffffff81509260>] ? gs_change+0x13/0x13
Code: 25 28 00 00 00 48 89 45 c8 31 c0 48 8b 87 80 00 00 00 48 8d b5 60 ff ff ff 89 d1 48 89 fb 41 89 d6 4c 89 fa 48 8b 80 b8 00 00 00
 <48> 8b 80 50 03 00 00 48 8b 00 48 89 85 38 ff ff ff 48 8b 07 4c
RIP  [<ffffffff81352bb8>] scsi_send_eh_cmnd+0x58/0x3a0
 RSP <ffff88030920dc50>
CR2: 0000000000000350


Signed-off-by: Mark Rustad <mark.d.rustad@intel.com>
Tested-by: Marcus Dennis <marcusx.e.dennis@intel.com>
Cc: <stable@kernel.org>
Signed-off-by: James Bottomley <JBottomley@Parallels.com>
2012-07-08 09:40:51 +01:00
Linus Torvalds
bd0a521e88 Linux 3.5-rc6 2012-07-07 17:23:56 -07:00
Linus Torvalds
a0127afbed Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull security docs update from James Morris.

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
  security: Minor improvements to no_new_privs documentation
2012-07-07 17:21:59 -07:00
Linus Torvalds
332a2e1244 vfs: make O_PATH file descriptors usable for 'fchdir()'
We already use them for openat() and friends, but fchdir() also wants to
be able to use O_PATH file descriptors.  This should make it comparable
to the O_SEARCH of Solaris.  In particular, O_PATH allows you to access
(not-quite-open) a directory you don't have read persmission to, only
execute permission.

Noticed during development of multithread support for ksh93.

Reported-by: ольга крыжановская <olga.kryzhanovska@gmail.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: stable@kernel.org    # O_PATH introduced in 3.0+
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2012-07-07 17:19:02 -07:00
Tejun Heo
5db9a4d99b cgroup: fix cgroup hierarchy umount race
48ddbe1946 "cgroup: make css->refcnt clearing on cgroup removal
optional" allowed a css to linger after the associated cgroup is
removed.  As a css holds a reference on the cgroup's dentry, it means
that cgroup dentries may linger for a while.

Destroying a superblock which has dentries with positive refcnts is a
critical bug and triggers BUG() in vfs code.  As each cgroup dentry
holds an s_active reference, any lingering cgroup has both its dentry
and the superblock pinned and thus preventing premature release of
superblock.

Unfortunately, after 48ddbe1946, there's a small window while
releasing a cgroup which is directly under the root of the hierarchy.
When a cgroup directory is released, vfs layer first deletes the
corresponding dentry and then invokes dput() on the parent, which may
recurse further, so when a cgroup directly below root cgroup is
released, the cgroup is first destroyed - which releases the s_active
it was holding - and then the dentry for the root cgroup is dput().

This creates a window where the root dentry's refcnt isn't zero but
superblock's s_active is.  If umount happens before or during this
window, vfs will see the root dentry with non-zero refcnt and trigger
BUG().

Before 48ddbe1946, this problem didn't exist because the last dentry
reference was guaranteed to be put synchronously from rmdir(2)
invocation which holds s_active around the whole process.

Fix it by holding an extra superblock->s_active reference across
dput() from css release, which is the dput() path added by 48ddbe1946
and the only one which doesn't hold an extra s_active ref across the
final cgroup dput().

Signed-off-by: Tejun Heo <tj@kernel.org>
LKML-Reference: <4FEEA5CB.8070809@huawei.com>
Reported-by: shyju pv <shyju.pv@huawei.com>
Tested-by: shyju pv <shyju.pv@huawei.com>
Cc: Sasha Levin <levinsasha928@gmail.com>
Acked-by: Li Zefan <lizefan@huawei.com>
2012-07-07 16:08:18 -07:00
Tejun Heo
7db5b3ca0e Revert "cgroup: superblock can't be released with active dentries"
This reverts commit fa980ca87d.  The
commit was an attempt to fix a race condition where a cgroup hierarchy
may be unmounted with positive dentry reference on root cgroup.  While
the commit made the race condition slightly more difficult to trigger,
the race was still there and could be reliably triggered using a
different test case.

Revert the incorrect fix.  The next commit will describe the race and
fix it correctly.

Signed-off-by: Tejun Heo <tj@kernel.org>
LKML-Reference: <4FEEA5CB.8070809@huawei.com>
Reported-by: shyju pv <shyju.pv@huawei.com>
Cc: Sasha Levin <levinsasha928@gmail.com>
Acked-by: Li Zefan <lizefan@huawei.com>
2012-07-07 15:55:47 -07:00
Shinya Kuribayashi
476a7eeb60 hwspinlock/core: use global ID to register hwspinlocks on multiple devices
Commit 300bab9770 (hwspinlock/core: register a bank of hwspinlocks in a
single API call, 2011-09-06) introduced 'hwspin_lock_register_single()'
to register numerous (a bank of) hwspinlock instances in a single API,
'hwspin_lock_register()'.

At which time, 'hwspin_lock_register()' accidentally passes 'local IDs'
to 'hwspin_lock_register_single()', despite that ..._single() requires
'global IDs' to register hwspinlocks.

We have to convert into global IDs by supplying the missing 'base_id'.

Cc: stable <stable@vger.kernel.org>
Signed-off-by: Shinya Kuribayashi <shinya.kuribayashi.px@renesas.com>
[ohad: fix error path of hwspin_lock_register, too]
Signed-off-by: Ohad Ben-Cohen <ohad@wizery.com>
2012-07-07 22:35:30 +03:00
Linus Torvalds
cd6407fe22 Merge branch 'fixes' of git://git.linaro.org/people/rmk/linux-arm
Pull ARM fixes from Russell King:
 "Last merge window, we had some updates from Al cleaning up the signal
  restart handling.  These have caused some problems on ARM, and while
  Al has some fixes, we have some concerns with Al's patches but we've
  been unsuccesful with discussing this.

  We have got to the point where we need to do something, and we've
  decided that the best solution is to revert the appropriate commits
  until Al is able to reply to us.

  Also included here are four patches to fix warnings that I've noticed
  in my build system, and one fix for kprobes test code."

* 'fixes' of git://git.linaro.org/people/rmk/linux-arm:
  ARM: fix warning caused by wrongly typed arm_dma_limit
  ARM: fix warnings about atomic64_read
  ARM: 7440/1: kprobes: only test 'sub pc, pc, #1b-2b+8-2' on ARMv6
  ARM: 7441/1: perf: return -EOPNOTSUPP if requested mode exclusion is unavailable
  ARM: 7443/1: Revert "new way of handling ERESTART_RESTARTBLOCK"
  ARM: 7442/1: Revert "remove unused restart trampoline"
  ARM: fix set_domain() macro
  ARM: fix mach-versatile/pci.c warning
2012-07-07 11:20:59 -07:00
Andy Lutomirski
c540521bba security: Minor improvements to no_new_privs documentation
The documentation didn't actually mention how to enable no_new_privs.
This also adds a note about possible interactions between
no_new_privs and LSMs (i.e. why teaching systemd to set no_new_privs
is not necessarily a good idea), and it references the new docs
from include/linux/prctl.h.

Suggested-by: Rob Landley <rob@landley.net>
Signed-off-by: Andy Lutomirski <luto@amacapital.net>
Acked-by: Kees Cook <keescook@chromium.org>
Signed-off-by: James Morris <james.l.morris@oracle.com>
2012-07-08 00:25:48 +10:00
Sylwester Nawrocki
ec3ed85f92 [media] Revert "[media] V4L: JPEG class documentation corrections"
This reverts commit feed0258e1, as the same issues
are already covered in another version of that patch that
was also applied (579e92ffac).

Signed-off-by: Sylwester Nawrocki <s.nawrocki@samsung.com>
Signed-off-by: Kyungmin Park <kyungmin.park@samsung.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
2012-07-07 00:12:50 -03:00
Sylwester Nawrocki
4e39da0102 [media] s5p-fimc: Add missing FIMC-LITE file operations locking
commit 5126f2590b
"v4l2-dev: add flag to have the core lock all file operations"
introduced an additional bit flag (V4L2_FL_LOCK_ALL_FOPS) that
should be set by drivers that use the v4l2 core lock for all file
operations. Since this driver has been merged at the same time as
the core changes it doesn't set this flags and thus its all file
operations except IOCTL are not properly serialized. Fix this by
adding file ops locking in the driver.

Signed-off-by: Sylwester Nawrocki <s.nawrocki@samsung.com>
Signed-off-by: Kyungmin Park <kyungmin.park@samsung.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
2012-07-07 00:12:39 -03:00
Laurent Pinchart
5aedc10940 [media] omap3isp: preview: Fix contrast and brightness handling
Commit bac387efbb ("omap3isp: preview:
Simplify configuration parameters access") added three fields to the
preview_update structure, but failed to properly update the related
initializers. Fix this.

Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
2012-07-06 19:36:39 -03:00
Laurent Pinchart
7103180b43 [media] omap3isp: preview: Fix output size computation depending on input format
The preview engine crops 4 columns and 4 lines when CFA is enabled.
Commit b2da46e52f ("omap3isp: preview: Add
support for greyscale input") inverted the condition by mistake, fix
this.

Reported-by: Florian Neuhaus <florian.neuhaus@reberinformatik.ch>
Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Tested-by: Florian Neuhaus <florian.neuhaus@reberinformatik.ch>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
2012-07-06 19:36:39 -03:00
Anton Blanchard
8299d62843 [media] winbond-cir: Initialise timeout, driver_type and allowed_protos
We need to set a timeout so we can go idle on no activity.

Signed-off-by: Anton Blanchard <anton@samba.org>
Acked-by: David Härdeman <david@hardeman.nu>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
2012-07-06 19:36:38 -03:00
Anton Blanchard
57f4422f7b [media] winbond-cir: Fix txandrx module info
We aren't getting any module info for the txandx option because
of a typo:

parm:           txandrx:bool

Signed-off-by: Anton Blanchard <anton@samba.org>
Acked-by: David Härdeman <david@hardeman.nu>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
2012-07-06 19:36:37 -03:00
Anton Blanchard
c6cff16926 [media] cx23885: Silence unknown command warnings
I am seeing a constant stream of warnings on my cx23885 based card:
	cx23885_tuner_callback(): Unknown command 0x2.

Add a check in cx23885_tuner_callback to silence it.

Signed-off-by: Anton Blanchard <anton@samba.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
2012-07-06 19:36:37 -03:00
Devin Heitmueller
0ac60acb54 [media] cx23885: add support for HVR-1255 analog (cx23888 variant)
Get the HVR-1255 analog support working for all supported inputs.  This
includes introduction of a new board profile for an OEM variant which
doesn't have all the same inputs as the retail version of the board.

Validated with the following boards:

HVR-1255 (0070:2259)

Thanks to Steven Toth and Hauppauge for	loaning	me various boards to
regression test	with.

Thanks-to: Steven Toth <stoth@kernellabs.com>
Signed-off-by: Devin Heitmueler <dheitmueller@kernellabs.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
2012-07-06 19:36:35 -03:00
Devin Heitmueller
d214ddc868 [media] cx23885: make analog support work for HVR_1250 (cx23885 variant)
The analog support in the cx23885 driver was completely broken for the
HVR-1250.  Add the necessary code.

Note that this only implements analog for the composite and s-video
inputs. The tuner input continues to be non-functional due to a lack of
analog support in the mt2131 driver.

Validated with the following boards:

HVR-1250 (0070:7911)

Thanks to Steven Toth and Hauppauge for	loaning	me various boards to
regression test	with.

Thanks-to: Steven Toth <stoth@kernellabs.com>
Signed-off-by: Devin Heitmueler <dheitmueller@kernellabs.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
2012-07-06 19:36:34 -03:00
Devin Heitmueller
b5c5c17bab [media] cx25840: fix vsrc/hsrc usage on cx23888 designs
The location of the vsrc/hsrc registers moved in the cx23888, causing
the s_mbus call to fail prematurely indicating that "720x480 is not a
valid size". The function bailed out before many pertinent registers
were set related to the scaler (causing unexpected results in video
rendering when doing raw video capture).

Use the correct registers for the cx23888.

Validated with the following boards:

HVR-1800 retail (0070:7801)
HVR-1800 OEM (0070:7809)
HVR-1850 retail (0070:8541)

Thanks to Steven Toth and Hauppauge for	loaning	me various boards to
regression test with.

Reported-by: Jonathan <sitten74490@mypacks.net>
Thanks-to: Steven Toth <stoth@kernellabs.com>
Signed-off-by: Devin Heitmueler <dheitmueller@kernellabs.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
2012-07-06 19:36:32 -03:00
Devin Heitmueller
d90133ec58 [media] cx25840: fix regression in HVR-1800 analog audio
The refactoring of the cx25840 driver to support the cx23888 caused breakage
with the existing support for cx23885/cx23887 analog audio support.  Tweak
the code so that it only uses the code if it really is a cx23888 instead of
applying it to all cx2388x based devices.

Validated with the following boards:

HVR-1800 retail (0070:7801)
HVR-1800 OEM (0070:7809)
HVR_1850 retail	(0070:8541)

Thanks to Steven Toth and Hauppauge for	loaning	me various boards to
regression test with.

Reported-by: Jonathan <sitten74490@mypacks.net>
Thanks-to: Steven Toth <stoth@kernellabs.com>
Signed-off-by: Devin Heitmueler <dheitmueller@kernellabs.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
2012-07-06 19:36:32 -03:00
Devin Heitmueller
e6d0db1d47 [media] cx25840: fix regression in analog support hue/saturation controls
Fix regression in HVR-1800 analog support hue/saturation controls.

The changes made for the cx23888 caused regressions in the analog
support for cx23885/cx23887 based boards (partly due to changes in the
locations of the hue/saturation controls).  As a result the wrong
registers were being overwritten.

Add code to use the correct registers if it's a cx23888

Validated with the following boards:

HVR-1800 retail (0070:7801)
HVR-1800 OEM (0070:7809)
HVR-1850 retail (0070:8541)

Thanks to Steven Toth and Hauppauge for	loaning	me various boards to
regression test	 with.

Reported-by: Jonathan <sitten74490@mypacks.net>
Thanks-to: Steven Toth <stoth@kernellabs.com>
Signed-off-by: Devin Heitmueler <dheitmueller@kernellabs.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
2012-07-06 19:36:31 -03:00
Devin Heitmueller
ba50e7e16b [media] cx25840: fix regression in HVR-1800 analog support
The refactoring of the cx25840 driver to support the cx23888 caused breakage
with the existing support for cx23885/cx23887 analog support.  Rework the
routines such that the new code is only used for the 888.

Validated with the following boards:

HVR-1800 retail (0070:7801)
HVR-1800 OEM (0070:7809)
HVR_1850 retail (0070:8541)

Thanks to Steven Toth and Hauppauge for loaning me various boards to
regression test with.

Reported-by: Jonathan <sitten74490@mypacks.net>
Thanks-to: Steven Toth <stoth@kernellabs.com>
Signed-off-by: Devin Heitmueler <dheitmueller@kernellabs.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
2012-07-06 19:36:30 -03:00
Kamil Debski
a65c3262a7 [media] s5p-mfc: Fixed setup of custom controls in decoder and encoder
Fixed bugs in functions that initialize custom controls.

Signed-off-by: Kamil Debski <k.debski@samsung.com>
Signed-off-by: Kyungmin Park <kyungmin.park@samsung.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
2012-07-06 19:36:29 -03:00
David Dillow
a7deca6fa7 [media] cx231xx: don't DMA to random addresses
Commit 7a6f6c29d2 (cx231xx: use
URB_NO_TRANSFER_DMA_MAP) was intended to avoid mapping the DMA buffer
for URB twice. This works for the URBs allocated with usb_alloc_urb(),
as those are allocated from cohernent DMA pools, but the flag was also
added for the VBI and audio URBs, which have a manually allocated area.
This leaves the random trash in the structure after allocation as the
DMA address, corrupting memory and preventing VBI and audio from
working. Letting the USB core map the buffers solves the problem.

Cc: stable@kernel.org
Signed-off-by: David Dillow <dave@thedillows.org>
Cc: Sri Deevi <srinivasa.deevi@conexant.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
2012-07-06 19:36:28 -03:00
Mauro Carvalho Chehab
4dab0e5fe8 [media] em28xx: fix em28xx-rc load
The logic that checks if a device has remote control is wrong.
Due to that, the em28xx RC module is not loaded by default.

Fix the logic, in order to make it work properly.

Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
2012-07-06 19:36:27 -03:00
Santosh Nayak
82163edcdf [media] dvb-core: Release semaphore on error path dvb_register_device()
There is a missing "up_write()" here. Semaphore should be released
before returning error value.

Cc: stable@kernel.org
Signed-off-by: Santosh Nayak <santoshprasadnayak@gmail.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
2012-07-06 19:36:27 -03:00
Linus Torvalds
26c439d400 Fixes an incorrect access mode check when preparing to open a file in the lower
filesystem. This isn't an urgent fix, but it is simple and the check was
 obviously incorrect.
 
 Also fixes a couple important bugs in the eCryptfs miscdev interface. These
 changes are low risk due to the small number of users that use the miscdev
 interface. I was able to keep the changes minimal and I have some cleaner, more
 complete changes queued up for the next merge window that will build on these
 patches.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.11 (GNU/Linux)
 
 iQIcBAABCgAGBQJP92LsAAoJENaSAD2qAscKCWkP/3BWpv0AS0fnrZPniXv/+vjf
 gdV4NcQhE/86VsQ7CtZS7jqfSVTzm+YTta9BTKj6jWZuGUZGcjXsZdyMpleBZukh
 TvRSW3HKCRtC8XNHzle3YUukD1o465nMEiCUQOYcWjAa3in7cZTiFU+3S2Unn5UF
 yh2Slfzjxkl2EUHEbcBiBayzaMH2gqwAvRR4sjM0P175m/jjDF6pDGT5vc0skvcP
 kLzFr/3Ia9BW1nU0yblTtSNcHzYV8GTJVEpj1NR7q59x2gVJubF6hBDtbZdaaGK0
 rYlKV+w9mRwzUCuVdb4zPCa9EGrbqH4gYvIWsCW+R0zoK57rfIRolQVYEglGE2TU
 K3HHL6UOsPASZCQqhi+K+tCmYtZaCfeMhDRgxyDOaxS4rQ6dy+XO6f9zM30qw1UB
 QHeVEQl7bM0IpByCcjVbuNJT4zTlW7xmsLm/pbGv60UBdZpqaUZptEBEpgUFjq30
 shgNLlHHWvelhf52gbff+ytCHf+IDVPT/Q2aGjhC2fgqWiQno44vR88gtMQz6b7g
 4yEL7t0TqBB9jCBu/ikTITGpRH5S149e3oYGm2P/+YYZUGlw0Gf9N6TBkctJFSg/
 /vk6aobMnjfxmeM80xOKey5Y1zDis660sgt1hX8NVAuo4hp7VQfWGhEZ8lYqzCzP
 aJci4ZXaDzwXx6UCC5w2
 =TEei
 -----END PGP SIGNATURE-----

Merge tag 'ecryptfs-3.5-rc6-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tyhicks/ecryptfs

Pull eCryptfs fixes from Tyler Hicks:
 "Fixes an incorrect access mode check when preparing to open a file in
  the lower filesystem.  This isn't an urgent fix, but it is simple and
  the check was obviously incorrect.

  Also fixes a couple important bugs in the eCryptfs miscdev interface.
  These changes are low risk due to the small number of users that use
  the miscdev interface.  I was able to keep the changes minimal and I
  have some cleaner, more complete changes queued up for the next merge
  window that will build on these patches."

* tag 'ecryptfs-3.5-rc6-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tyhicks/ecryptfs:
  eCryptfs: Gracefully refuse miscdev file ops on inherited/passed files
  eCryptfs: Fix lockdep warning in miscdev operations
  eCryptfs: Properly check for O_RDONLY flag before doing privileged open
2012-07-06 15:32:18 -07:00
Linus Torvalds
c8912f2be3 Merge git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending
Pull target fixes from Nicholas Bellinger:
 "Two minor target fixes.  There is really nothing exciting and/or
  controversial this time around.

  There's one fix from MDR for a RCU debug warning message within tcm_fc
  code (CC'ed to stable), and a small AC fix for qla_target.c based upon
  a recent Coverity static report.

  Also, there is one other outstanding virtio-scsi LUN scanning bugfix
  that has been uncovered with the in-flight tcm_vhost driver over the
  last days, and that needs to make it into 3.5 final too.  This patch
  has been posted to linux-scsi again here:

    http://marc.info/?l=linux-scsi&m=134160609212542&w=2

  and I've asked James to include it in his next PULL request."

* git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending:
  qla2xxx: print the right array elements in qlt_async_event
  tcm_fc: Resolve suspicious RCU usage warnings
2012-07-06 13:59:50 -07:00
Tyler Hicks
8dc6780587 eCryptfs: Gracefully refuse miscdev file ops on inherited/passed files
File operations on /dev/ecryptfs would BUG() when the operations were
performed by processes other than the process that originally opened the
file. This could happen with open files inherited after fork() or file
descriptors passed through IPC mechanisms. Rather than calling BUG(), an
error code can be safely returned in most situations.

In ecryptfs_miscdev_release(), eCryptfs still needs to handle the
release even if the last file reference is being held by a process that
didn't originally open the file. ecryptfs_find_daemon_by_euid() will not
be successful, so a pointer to the daemon is stored in the file's
private_data. The private_data pointer is initialized when the miscdev
file is opened and only used when the file is released.

https://launchpad.net/bugs/994247

Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Reported-by: Sasha Levin <levinsasha928@gmail.com>
Tested-by: Sasha Levin <levinsasha928@gmail.com>
2012-07-06 15:51:12 -05:00
Alan Cox
4f1d0f1971 qla2xxx: print the right array elements in qlt_async_event
Based upon Alan's patch from Coverity scan id 793583, these debug
messages in qlt_async_event() should be starting from byte 0, which is
always the Asynchronous Event Status Code from the parent switch statement.

Also, rename reason_code -> login_code following the language used in
2500 FW spec for Port Database Changed (0x8014) -> Port Database Changed
Event Mailbox Register for mailbox[2].

Signed-off-by: Alan Cox <alan@linux.intel.com>
Cc: Chad Dupuis <chad.dupuis@qlogic.com>
Cc: Giridhar Malavali <giridhar.malavali@qlogic.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-07-06 13:09:23 -07:00
Magnus Damm
873e9f7a3b ARM: shmobile: fix platsmp.c build when ARCH_SH73A0=n
Fix build error in the case of SMP=y but ARCH_SH73A0=n
introduced by:

9601e87 ARM: shmobile: fix smp build

The use of of_machine_is_compatible() will link in the
the SoC-specific symbols:
"sh73a0_get_core_count", "sh73a0_smp_prepare_cpus",
"sh73a0_secondary_init" and "sh73a0_boot_secondary".

This patch adds an ugly #ifdef wrapper as a stop-gap
solution.

Signed-off-by: Magnus Damm <damm@opensource.se>
Tested-by: Tested-by: Simon Horman <horms@verge.net.au>
Acked-by: "Rafael J. Wysocki" <rjw@sisk.pl>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
2012-07-06 22:00:20 +02:00
Mark Rustad
863555be0c tcm_fc: Resolve suspicious RCU usage warnings
Use rcu_dereference_protected to tell rcu that the ft_lport_lock
is held during ft_lport_create. This resolved "suspicious RCU usage"
warnings when debugging options are turned on.

Signed-off-by: Mark Rustad <mark.d.rustad@intel.com>
Tested-by: Ross Brattain <ross.b.brattain@intel.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2012-07-06 12:52:09 -07:00
Arnd Bergmann
78ee225fc1 Merge branch 'ux500/fixes-3.5' into fixes
From Lee Jones <lee.jones@linaro.org>:

* ux500/fixes-3.5:
  ARM: ux500: Over-ride the DT device naming scheme for pinctrl
  ARM: ux500: Fix build errors/warnings when MACH_UX500_DT is not set
  of: address: Don't fail a lookup just because a node has no reg property

I ended up rebasing Lee's branch on 3.5-rc5 because we have more patches
lined for 3.6 that depend on them, and I want to keep all branches in
arm-soc be based on -rc releases rather than random commits in the
upstream history.

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
2012-07-06 21:44:51 +02:00
Lee Jones
2b667a2d80 ARM: ux500: Over-ride the DT device naming scheme for pinctrl
When pin control mapping tables are written the registered device
name is supplied for use in name-based searches within the pinctrl
driver. In the case of the DB8500 the string "pinctrl-db8500" is
used. However, when we register the driver with Device Tree, its
naming convention uses something that looks more like "pinctrl.2".

To work around the device naming inconsistencies between devices
registered via platform code and the ones registered by Device
Tree, we use AUXDATA to over-ride the Device Tree naming scheme.

Acked-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Lee Jones <lee.jones@linaro.org>
2012-07-06 21:42:10 +02:00
Lee Jones
c57920e6c2 ARM: ux500: Fix build errors/warnings when MACH_UX500_DT is not set
When MACH_UX500_DT and all related Device Tree configurations are forced
off the warning and error below prevent the kernel from compiling. This
simple patch fixes both issues and allows for full build and boot of
ST-Ericsson's low-cost development board, Snowball.

Warnings fixed:
  arch/arm/mach-ux500/board-mop500.c:680:32: warning: ‘snowball_of_platform_devs’ defined but not used

Errors fixed:
  arch/arm/mach-ux500/timer.c: In function ‘ux500_timer_init’:
  arch/arm/mach-ux500/timer.c:66:3: error: implicit declaration of function ‘of_find_matching_node’
  arch/arm/mach-ux500/timer.c:66:6: warning: assignment makes pointer from integer without a cast

Cc: stable@vger.kernel.org
Acked-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Lee Jones <lee.jones@linaro.org>
2012-07-06 21:42:10 +02:00
Lee Jones
84774e6157 of: address: Don't fail a lookup just because a node has no reg property
Sometimes it doesn't make any sense for a node to have an address.
In this case device lookup will always be unsuccessful because we
currently assume every node will have a reg property. This patch
changes the semantics so that the resource address and the lookup
address will only be compared if one exists.

Things like AUXDATA() rely on of_dev_lookup to return the lookup
entry of a particular device in order to do things like apply
platform_data to a device. However, this is currently broken for
nodes which do not have a reg property, meaning that platform_data
can not be passed in those cases.

Acked-by: Rob Herring <rob.herring@calxeda.com>
Acked-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Lee Jones <lee.jones@linaro.org>
2012-07-06 21:42:10 +02:00
Linus Torvalds
af9b9a53fa Two MTD fixes for 3.5:
- Fix a logic error in OLPC CAFÉ NAND ready() function.
 - Fix regression due to bitflip handling changes.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.12 (GNU/Linux)
 
 iEYEABECAAYFAk/265wACgkQdwG7hYl686MWGgCfdnxPKE/cJnjVm5wxlp+hTBLv
 tbsAn3hpmrXhZNYNhQ+U34RDpw8V7SYc
 =IEqd
 -----END PGP SIGNATURE-----

Merge tag 'for-linus-20120706' of git://git.infradead.org/linux-mtd

Pull two MTD fixes from David Woodhouse:
 - Fix a logic error in OLPC CAFÉ NAND ready() function.
 - Fix regression due to bitflip handling changes.

* tag 'for-linus-20120706' of git://git.infradead.org/linux-mtd:
  mtd: cafe_nand: fix an & vs | mistake
  mtd: nand: initialize bitflip_threshold prior to BBT scanning
2012-07-06 10:34:48 -07:00
Andy Lutomirski
9ab4233dd0 mm: Hold a file reference in madvise_remove
Otherwise the code races with munmap (causing a use-after-free
of the vma) or with close (causing a use-after-free of the struct
file).

The bug was introduced by commit 90ed52ebe4 ("[PATCH] holepunch: fix
mmap_sem i_mutex deadlock")

Cc: Hugh Dickins <hugh@veritas.com>
Cc: Miklos Szeredi <mszeredi@suse.cz>
Cc: Badari Pulavarty <pbadari@us.ibm.com>
Cc: Nick Piggin <npiggin@suse.de>
Cc: stable@vger.kernel.org
Signed-off-by: Andy Lutomirski <luto@amacapital.net>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2012-07-06 10:34:38 -07:00
Linus Torvalds
1b7fa4c271 Merge branch 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jlbec/ocfs2
Pull ocfs2 fixes from Joel Becker.

* 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jlbec/ocfs2:
  aio: make kiocb->private NUll in init_sync_kiocb()
  ocfs2: Fix bogus error message from ocfs2_global_read_info
  ocfs2: for SEEK_DATA/SEEK_HOLE, return internal error unchanged if ocfs2_get_clusters_nocache() or ocfs2_inode_lock() call failed.
  ocfs2: use spinlock irqsave for downconvert lock.patch
  ocfs2: Misplaced parens in unlikley
  ocfs2: clear unaligned io flag when dio fails
2012-07-06 10:04:39 -07:00
Linus Torvalds
064ea1ae80 Merge git://git.samba.org/sfrench/cifs-2.6
Pull cifs fixes from Steve French.

* git://git.samba.org/sfrench/cifs-2.6:
  cifs: when server doesn't set CAP_LARGE_READ_X, cap default rsize at MaxBufferSize
  cifs: fix parsing of password mount option
2012-07-06 10:02:12 -07:00
Linus Torvalds
1b74a8684e Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input
Pull input layer fixes from Dmitry Torokhov:
 "Two fixes for regressions in Wacom driver and fixes for drivers using
  threaded IRQ framework without specifying IRQF_ONESHOT."

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input:
  Input: request threaded-only IRQs with IRQF_ONESHOT
  Input: wacom - don't retrieve touch_max when it is predefined
  Input: wacom - fix retrieving touch_max bug
  Input: fix input.h kernel-doc warning
2012-07-06 09:50:39 -07:00
Kay Sievers
68b6507dc5 kmsg: make sure all messages reach a newly registered boot console
We suppress printing kmsg records to the console, which are already printed
immediately while we have received their fragments.

Newly registered boot consoles print the entire kmsg buffer during
registration. Clear the console-suppress flag after we skipped the record
during its first storage, so any later print will see these records as usual.

Signed-off-by: Kay Sievers <kay@vrfy.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2012-07-06 09:50:09 -07:00
Kay Sievers
cb424ffe9f kmsg: properly handle concurrent non-blocking read() from /proc/kmsg
The /proc/kmsg read() interface is internally simply wired up to a sequence
of syslog() syscalls, which might are racy between their checks and actions,
regarding concurrency.

In the (very uncommon) case of concurrent readers of /dev/kmsg, relying on
usual O_NONBLOCK behavior, the recently introduced mutex might block an
O_NONBLOCK reader in read(), when poll() returns for it, but another process
has already read the data in the meantime. We've seen that while running
artificial test setups and tools that "fight" about /proc/kmsg data.

This restores the original /proc/kmsg behavior, where in case of concurrent
read()s, poll() might wake up but the read() syscall will just return 0 to
the caller, while another process has "stolen" the data.

This is in the general case not the expected behavior, but it is the exact
same one, that can easily be triggered with a 3.4 kernel, and some tools
might just rely on it.

The mutex is not needed, the original integrity issue which introduced it,
is in the meantime covered by:
  "fill buffer with more than a single message for SYSLOG_ACTION_READ"
  116e90b23f

Cc: Yuanhan Liu <yuanhan.liu@linux.intel.com>
Acked-by: Jan Beulich <jbeulich@suse.com>
Signed-off-by: Kay Sievers <kay@vrfy.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2012-07-06 09:50:09 -07:00
Kay Sievers
43a73a50b3 kmsg: add the facility number to the syslog prefix
After the recent split of facility and level into separate variables,
we miss the facility value (always 0 for kernel-originated messages)
in the syslog prefix.

On Tue, Jul 3, 2012 at 12:45 PM, Dan Carpenter <dan.carpenter@oracle.com> wrote:
> Static checkers complain about the impossible condition here.
>
> In 084681d14e ('printk: flush continuation lines immediately to
> console'), we changed msg->level from being a u16 to being an unsigned
> 3 bit bitfield.

Cc: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Kay Sievers <kay@vrfy.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2012-07-06 09:50:09 -07:00
Kay Sievers
e3f5a5f271 kmsg: escape the backslash character while exporting data
Non-printable characters in the log data are hex-escaped to ensure safe
post processing. We need to escape a backslash we find in the data, to be
able to distinguish it from a backslash we add for the escaping.

Also escape the non-printable character 127.

Thanks to Miloslav Trmac for the heads up.

Reported-by: Michael Neuling <mikey@neuling.org>
Signed-off-by: Kay Sievers <kay@vrfy.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2012-07-06 09:50:09 -07:00
liu chuansheng
5c53d819c7 printk: replacing the raw_spin_lock/unlock with raw_spin_lock/unlock_irq
In function devkmsg_read/writev/llseek/poll/open()..., the function
raw_spin_lock/unlock is used, there is potential deadlock case happening.
CPU1: thread1 doing the cat /dev/kmsg:
        raw_spin_lock(&logbuf_lock);
        while (user->seq == log_next_seq) {
when thread1 run here, at this time one interrupt is coming on CPU1 and running
based on this thread,if the interrupt handle called the printk which need the
logbuf_lock spin also, it will cause deadlock.

So we should use raw_spin_lock/unlock_irq here.

Acked-by: Kay Sievers <kay@vrfy.org>
Signed-off-by: liu chuansheng <chuansheng.liu@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2012-07-06 09:50:08 -07:00
Herton Ronaldo Krzesinski
596fd46268 mtd: nandsim: don't open code a do_div helper
We don't need to open code the divide function, just use div_u64 that
already exists and do the same job. While this is a straightforward
clean up, there is more to that, the real motivation for this.

While building on a cross compiling environment in armel, using gcc
4.6.3 (Ubuntu/Linaro 4.6.3-1ubuntu5), I was getting the following build
error:

ERROR: "__aeabi_uldivmod" [drivers/mtd/nand/nandsim.ko] undefined!

After investigating with objdump and hand built assembly version
generated with the compiler, I narrowed __aeabi_uldivmod as being
generated from the divide function. When nandsim.c is built with
-fno-inline-functions-called-once, that happens when
CONFIG_DEBUG_SECTION_MISMATCH is enabled, the do_div optimization in
arch/arm/include/asm/div64.h doesn't work as expected with the open
coded divide function: even if the do_div we are using doesn't have a
constant divisor, the compiler still includes the else parts of the
optimized do_div macro, and translates the divisions there to use
__aeabi_uldivmod, instead of only calling __do_div_asm -> __do_div64 and
optimizing/removing everything else out.

So to reproduce, gcc 4.6 plus CONFIG_DEBUG_SECTION_MISMATCH=y and
CONFIG_MTD_NAND_NANDSIM=m should do it, building on armel.

After this change, the compiler does the intended thing even with
-fno-inline-functions-called-once, and optimizes out as expected the
constant handling in the optimized do_div on arm. As this also avoids a
build issue, I'm marking for Stable, as I think is applicable for this
case.

Signed-off-by: Herton Ronaldo Krzesinski <herton.krzesinski@canonical.com>
Cc: stable@vger.kernel.org
Acked-by: Nicolas Pitre <nico@linaro.org>
Signed-off-by: Artem Bityutskiy <artem.bityutskiy@linux.intel.com>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
2012-07-06 16:59:33 +01:00
Mike Dunn
021796b892 mtd: ABI documentation: clarification of bitflip_threshold
The -EUCLEAN return value applies to mtd_read_oob() as well as mtd_read(), but
only mtd_read() was mentioned in the blurd on bitflip_threshold in the ABI
documentation.

Signed-off-by: Mike Dunn <mikedunn@newsguy.com>
Signed-off-by: Artem Bityutskiy <artem.bityutskiy@linux.intel.com>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
2012-07-06 15:10:06 +01:00
Sascha Hauer
6023813a2d mtd: gpmi-nand: fix read page when reading to vmalloced area
The gpmi-nand driver uses virt_addr_valid() to check whether a buffer
is suitable for dma. If it's not, a driver allocated buffer is used
instead. Then after a page read the driver allocated buffer must be
copied to the user supplied buffer. This does not happen since commit
7725cc8593.

This patch fixes the issue. The bug is encountered with UBI which uses a
vmalloced buffer for the volume table.

Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Tested-by: snijsure@grid-net.com
Acked-by: Huang Shijie <b32955@freescale.com>
Signed-off-by: Artem Bityutskiy <artem.bityutskiy@linux.intel.com>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
2012-07-06 15:06:23 +01:00